Kathleen Moriarty has entered the following ballot position for draft-ietf-grow-irr-routing-policy-considerations-05: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-grow-irr-routing-policy-considerations/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I see you have some high-level considerations that could encompass the various security properties that would be expected, but would prefer to see them spelled out a bit. For instance, in the first paragraph of the security considerations section: "operators may want to be circumspect about ingesting contents from external parties" Wouldn't you want to see integrity protection so that the operators would have some level of assurance that the source is who they think it is and that the data has not been tampered. This might apply to the described examples where FTP is used to share information. Authentication would be helpful here too. Then, if automation increases, you would also want confidentiality (session encryption for privacy and security reasons). C This this is a summary of current state, this is just a comment. But I would think these properties are used in the current state - at least integrity protection and authentication. (Security's CIA principle) Thanks. _______________________________________________ GROW mailing list GROW@ietf.org https://www.ietf.org/mailman/listinfo/grow
