Hi,
I think the security considerations section in draft-ietf-alto-protocol-14
is indeed a big mess. I mean, nothing that's written there is really
wrong, but it does not seem to be the result of a systematic analysis
of what our relevant threats and countermeasures are.
We should try to give this section a systematic structure, probably
based on the basic protection goals of almost any networked system.
My proposal is:

13. Security Considerations
  13.1. Authenticity and Integrity of ALTO queries and responses
    13.1.1. Threat scenarios
    13.1.2. High-level discussion of scenarios and protection mechanisms
    13.1.3. Recommendations for configuration of specific protection
            mechanisms in the protocol
  13.2. Confidentiality of ALTO queries and responses
    13.2.1. Threat scenarios
    13.2.2. High-level discussion of scenarios and protection mechanisms
    13.2.3. Recommendations for configuration of specific protection
            mechanisms in the protocol
  13.3. Availability of the ALTO service
    13.3.1. Threat scenarios
    13.3.2. High-level discussion of scenarios and protection mechanisms
    13.3.3. Recommendations for configuration of specific protection
            mechanisms in the protocol

For authenticity/integrity threat scenarios we already have some text in
RFC 5693, Sec. 6 that could be cited or copied and refined.
For confidentiality threat scenarios and discussion we have a rather
extensive analysis in RFC 6708, Sec. 5.2 that should just be cited.
Just my $0.02
Sebastian