Deb Cooley has entered the following ballot position for draft-ietf-anima-brski-cloud-16: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-anima-brski-cloud/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

In the security considerations section, please state what the consequences are for the issues listed. For example:

Section 8.1, para 1: So what? Is there an issue with a Pledge connecting to the Internet before being enrolled? [hint: yes, there is]

Section 8.1, para 2: While a Pledge should check for firmware updates, validation and transfer of those updates need to happen in a secure fashion - usually this means source integrity (did the f/w come from the correct place), firmware integrity (is the f/w load the same?), and possibly confidentiality. A sentence to make this more obvious would be good.

Section 8.2: While reading this long section, I see a recommendation near the bottom. Perhaps reorganizing this section so the recommendation is closer to the top. The goal here is to reduce security issues due to compromised trust anchors (i.e. keep the list small). The second goal is to reduce the issues with requiring an update to the trust store list (properly validating the service).

One comment in particular, in para 2, while it might be easier, using one of the WebPKI trust stores will result in many trust anchors that are not applicable.

Section 8.3: What are the consequences of accepting a redirect when validation fails?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks to Mike Ounsworth for their (multiple) secdir reviews.

Section 4.2, step 6: What/where is this: {pledge-certificate-identity-considerations} ?

Section 8.4: What/where is this: {bootstrap-via-cloud-registrar-and-owner-est-service} ?
