[secdir] SECDIR review of draft-ietf-trill-esadi-07
Phillip Hallam-Baker <hallam@gmail.com> Thu, 24 April 2014 15:52 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56FDB1A00E1 for <secdir@ietfa.amsl.com>; Thu, 24 Apr 2014 08:52:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rB3JlMZXLVR3 for <secdir@ietfa.amsl.com>; Thu, 24 Apr 2014 08:52:23 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 30EE01A02CC for <secdir@ietf.org>; Thu, 24 Apr 2014 08:52:22 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id pv20so2137165lab.24 for <secdir@ietf.org>; Thu, 24 Apr 2014 08:52:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=cyr7wxacSNJS8UlS9MN4eKNX/XhKbP0ADyv79d2rq/8=; b=mE/+FkG0c/CSjICySZ/xngUXgdDhR1z8hsv4IyVrzBLzrdvvUoyYiPEG1x8XdMxt+Y g5E5g+4PxbA96gzVL2DGEsIppTXbM5aoHMGyxQ7dVlqY//66lcRb8bfkPvzCmgGOLA8U x7AdQgG5Zm/wA596q4dvjAJI+actInWGmXZog7Oeu+F4aycS9JODnQsgyFX6ls2td9fj 7HINbeT6aJiQnVGzZo94qVT78Wex1+/1NLjX2jPsl0svOegt9p0/bFtnVO9JdLXEucWf +b40QYi65RcF7DqJwjsdE7iTOv8/Gg90AUJoJ9nz/aueRI600UREdMxEvyDzvqIpIL5Q M0IQ==
MIME-Version: 1.0
X-Received: by 10.112.241.73 with SMTP id wg9mr1680703lbc.48.1398354736527; Thu, 24 Apr 2014 08:52:16 -0700 (PDT)
Received: by 10.112.234.229 with HTTP; Thu, 24 Apr 2014 08:52:15 -0700 (PDT)
Date: Thu, 24 Apr 2014 11:52:15 -0400
Message-ID: <CAMm+LwgcA98LiubRSOgEAFSgXyWzT_rk-WyriY_SXq8AMBim3g@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-trill-esadi.all@tools.ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/KWwtNS61COz6jCbrzPL3A0WIDfU
Subject: [secdir] SECDIR review of draft-ietf-trill-esadi-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Apr 2014 15:52:25 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document is describing extensions to a routing infrastructure. As such the only security properties that are reasonably achievable without inappropriate assumptions such as trustworthy routing nodes is to assure continuity of service. We should assume that authentication and confidentiality of the message content are assured via some end-to-end means where the ends are the source and destination of the messages. [It would be rather useful if the IAB would draft a document that would state what security properties are expected at which level] ESADI does provide for improved service assurances by allowing the authentication of nodes. What is less clear is how this authentication is leveraged Section 5.1 suggests that authenticating endpoints permits higher confidence to be built up. if end nodes are authenticated to their MAC address. But this authentication only has value if there is a chain of custody authentication to the relying party. Section 6.2 describes a mechanism that might be relevant here. A pointer would be helpful. -- Website: http://hallambaker.com/
- [secdir] SECDIR review of draft-ietf-trill-esadi-… Phillip Hallam-Baker
- Re: [secdir] SECDIR review of draft-ietf-trill-es… Donald Eastlake