[Ace] Stephen Farrell's Yes on draft-ietf-ace-usecases-09: (with COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 22 October 2015 13:29 UTC
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
Date: Thu, 22 Oct 2015 06:29:03 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ace/Bgc3Mq3vxvOLi19fVR0ckbLOkuw>
Cc: Hannes.Tschofenig@gmx.net, ace-chairs@ietf.org, ace@ietf.org, draft-ietf-ace-usecases@ietf.org

Stephen Farrell has entered the following ballot position for
draft-ietf-ace-usecases-09: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ace-usecases/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Excellent and well written document, thanks.

I think there are five things you could usefully add, see below. That
said, I agree that this cannot and should not try to be fully complete
so I won't argue (much:-) if you prefer to omit these. We/you can figure
out what if any text to add I'm sure, but I'm happy to chat about that.

1. Software update is really needed and often missing and usually hard.
   There's at least a need to authenticate and authorize new firmware,
   when there is any update. That may not be the same as authorizing a
   new config.

2. Alice buys a new device, and would like to know if it is calling home
   or what it is doing before she configures it, or perhaps before she
   accepts it in her network. Even if she accepts it, she may want to be
   able to monitor the data it is sending "home" e.g. to ensure her TV is
   not sending data when she inserts a USB stick, if that is undesired.

3. Device fingerprinting is a threat that ought be considered by
   solution developers, especially if there is no reliable software
   update. Probably the best to be done is to try to make it hard for
   unauthorized parties to fingerprint a device, but that's also hard.

4. Commercial Devices will be end-of-lifed by vendors, and yet Alice
   still needs to be able to use, and perhaps to update, the device.
   That calls for some kind of authorization handover which is not quite
   the same as a change of ownership.

5. Penetration testing will happen and devices should not barf even
   then. Maybe that's a security consideration worth a mention.

See also the secdir review. [1] It'd be good to see a response to that.

[1] https://www.ietf.org/mail-archive/web/secdir/current/msg06101.html