Last Call Review of draft-hoffman-tao-as-web-page-
review-hoffman-tao-as-web-page-secdir-lc-yu-2012-07-13-00

Request: Review of draft-hoffman-tao-as-web-page
Requested rev.: no specific revision (document currently at 04)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2012-07-13
Requested: 2012-06-19
Other Reviews: Genart Last Call review of - by Roni Even
Review State: Completed
Reviewer: Tom Yu
Review: review-hoffman-tao-as-web-page-secdir-lc-yu-2012-07-13
Posted at: http://www.ietf.org/mail-archive/web/secdir/current/msg03404.html
Review result: Ready
Draft last updated: 2012-07-13
Review closed: 2012-07-13

Review

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The Security Considerations section says

   The Tao is available over TLS at <https://www.ietf.org/tao.html>.

This statement seems to imply that protecting the integrity of the Tao
while transmitting it to a reader is important.  The public nature of
the Tao implies that the confidentiality of this channel is also not a
significant concern.  It seems odd to make a statement about the
integrity of the channel between the reader and the www.ietf.org web
server, while saying nothing about the channel that the Tao editor
uses.  It is likely that an attack on the integrity of the editing
channel will have a far greater impact than an attack on the integrity
of the reading channel.

On the other hand, malicious manipulation of the Tao will probably at
worst mislead newcomers about the workings of the IETF, because the
formal process specifications for the IETF are BCP RFCs.
Additionally, if the editor of the Tao can only edit a proposed text,
rather than the officially published version, the IESG can presumably
discover any malicious alterations of the proposed text prior to
approving it.  It seems reasonable to assume that any process that the
IETF Secretariat uses to publish the proposed text after its IESG
approval is no less secure than the processes for publishing other
official information on the IETF web site.