Re: [Last-Call] Secdir telechat review of draft-ietf-alto-path-vector-22

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Samuel,

Thanks for the feedback. Please see our replies inline.

Best,
Kai


> -----Original Messages-----
&gt; From: "Samuel Weiler via Datatracker" <noreply@xxxxxxxx>
&gt; Sent Time: 2022-02-26 05:38:53 (Saturday)
&gt; To: secdir@xxxxxxxx
&gt; Cc: alto@xxxxxxxx, draft-ietf-alto-path-vector.all@xxxxxxxx, last-call@xxxxxxxx
&gt; Subject: Secdir telechat review of draft-ietf-alto-path-vector-22
&gt; 
&gt; Reviewer: Samuel Weiler
&gt; Review result: Not Ready
&gt; 
&gt; The security considerations text in this document has changed markedly - and
&gt; multiple times - from when I reviewed it at version -19.  I'm flagging this as
&gt; "Not Ready" mostly because I think it deserves another set of eyes (e.g. the
&gt; ADs').

Thanks for the comment. Indeed we have revised the security section but these changes are to address the DISCUSS raised in the IEST reviews. The proposed texts are mainly based on our discussions with Roman [1].

[1] https://mailarchive.ietf.org/arch/msg/alto/PSjlTNhHKGdcjIHC8XYkxdulMzU/

&gt; 
&gt; An intermediate version (-20) required the use of Digital Right Management
&gt; (DRM).  In -22, that's toned down to a recommendation.  What other non-DRM
&gt; technical solutions might help?

Thanks for the comment. The requirement on DRM is toned down based on the IESG reviews [2]. Note that we have already instructed in the document that ALTO server/client should follow the guideline in RFC 7285 to protect the confidentiality in communication. The DRM approach in this document is used for the case where an authorized client, after it retrieves the information from the ALTO server, leaks the information to an unauthorized client. We feel this problem is not specific to path vector and the use of DRM is inherited from RFC 7285.

[2] https://mailarchive.ietf.org/arch/msg/alto/Q6XiR0N9LZJxPjyJQvJEDaH_KyM/

&gt; 
&gt; It feels weird to have the the server being instructed do out-of-band things,
&gt; e.g.:
&gt; 
&gt;            The ALTO server MUST carefully verify that the deployment
&gt;            scenario satisfies the security assumptions of these methods before
&gt;            applying them to protect Path Vector services with sensitive network
&gt;            information.
&gt; 
&gt; This sounds like a requirement for the operator of the server, which the server
&gt; is in no position to enforce - and we're providing no technical measure for
&gt; enforcing.
&gt; 

We agree. It should the operator of the ALTO server who verifies the conditions. How about we use the following texts:

    The ALTO service provider MUST carefully verify that the deployment
    scenario satisfies the security assumptions of these methods before
    applying them to protect Path Vector services with sensitive network
    information.</noreply@xxxxxxxx>
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux