[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last-Call (WGLC) for comments: draft-ietf-ipdvb-sec-req-04.txt

To: ipdvb@erg.abdn.ac.uk
Subject: Re: WG Last-Call (WGLC) for comments: draft-ietf-ipdvb-sec-req-04.txt
From: Michael Noisternig <mnoist@cosy.sbg.ac.at>
Date: Wed, 24 Oct 2007 19:12:38 +0200
In-reply-to: <>
References: <>
Reply-to: ipdvb@erg.abdn.ac.uk
Sender: owner-ipdvb@erg.abdn.ac.uk
User-agent: Icedove 1.5.0.12 (X11/20070730)

Dear authors,

I'll take the last chance and raise my hand once more. There is only twominor issues I have with the current document.

First, I want to repeat what I asked for in a previous mail. There ismissing some additional case/motivation for ULEsec in the threatanalysis section:


What you've got is

- you want end-to-end security, and you can use it (but-last paragraphof section 3.1),

- you do not need end-to-end security (last paragraph of 3.1).

What is missing is
- you want end-to-end security, but you CANNOT use it.

Therefore I suggest to add the following paragraph at the end of section3.1:

ULE links may also be used for communications where the two end-pointsare not under central control (e.g., when browsing a public web site).In these cases, it may be impossible to enforce any end-to-end securitymechanisms. Yet, a common objective is that users can rely on securityassumptions as of wired links. ULE security could achieve this byprotecting the vulnerable (in terms of passive attacks) ULE link.

Second, I only realized this now, but you are mixing data (traffic) flowconfidentiality with data confidentiality. Data confidentiality meansprotecting the payload data, the content, against eavesdropping. Data(or traffic) _flow_ confidentiality has to do with concealing addresses,packet lengths, or frequency of communication. So identity protection isa type of data flow confidentiality, while data confidentiality willsimply do encryption of the payload. There is several instances of thismix-up:


Section 3.3, case 1, should say:

In this scenario, measures must be taken to protect the ULE payload dataand the identity of ULE Receivers.


Section 4, item 1: Data confidentiality is the major requirement...

Section 4, case 1: Data confidentiality MUST be provided...


Gorry Fairhurst wrote:


This note starts the WG two week Last-Call for comments for the WG
document named below:

Security requirements for the Unidirectional Lightweight
Encapsulation (ULE) protocol

http://www.ietf.org/internet-drafts/draft-ietf-ipdvb-sec-req-04.txt

This Last-Call will end on midnight GMT, 30th September 2007.

Members of the IETF ipdvb WG are now asked to read the above draft andsend any issues, comments, or corrections to this mailing list. The WGLC

procedure is the last chance for this working group to modify/correct

this document. This document is intended for publication as anINFORMATIONAL RFC.


Please *DO* forward any comments to the list. The document shepherd for
the process following completion of the WGLC shall be the ipdvb
Chair (Gorry Fairhurst).

Best wishes,

Gorry Fairhurst
(ipdvb WG Chair)

Follow-Ups:
- Re: WG Last-Call (WGLC) for comments: draft-ietf-ipdvb-sec-req-04.txt
  - From: Michael Noisternig <mnoist@cosy.sbg.ac.at>

References:
- WG Last-Call (WGLC) for comments: draft-ietf-ipdvb-sec-req-04.txt
  - From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>

Prev by Date: Re: 70th IETF - Working Group/BOF Scheduling
Next by Date: Re: WG Last-Call (WGLC) for comments: draft-ietf-ipdvb-sec-req-04.txt
Previous by thread: WG Last-Call (WGLC) for comments: draft-ietf-ipdvb-sec-req-04.txt
Next by thread: Re: WG Last-Call (WGLC) for comments: draft-ietf-ipdvb-sec-req-04.txt
Index(es):
- Date
- Thread