Last Call Review of draft-ietf-lmap-use-cases-04
review-ietf-lmap-use-cases-04-secdir-lc-tschofenig-2014-11-20-00
| Request | Review of | draft-ietf-lmap-use-cases |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2014-10-07 | |
| Requested | 2014-09-25 | |
| Authors | Marc Linsner , Philip Eardley , Trevor Burbridge , Frode Sorensen | |
| I-D last updated | 2014-11-20 | |
| Completed reviews |
Genart Last Call review of -04
by Ben Campbell
(diff)
Genart Telechat review of -05 by Ben Campbell (diff) Secdir Last Call review of -04 by Hannes Tschofenig (diff) Opsdir Last Call review of -04 by Bert Wijnen (diff) |
|
| Assignment | Reviewer | Hannes Tschofenig |
| State | Completed | |
| Request | Last Call review on draft-ietf-lmap-use-cases by Security Area Directorate Assigned | |
| Reviewed revision | 04 (document currently at 06) | |
| Result | Has issues | |
| Completed | 2014-11-20 |
review-ietf-lmap-use-cases-04-secdir-lc-tschofenig-2014-11-20-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.
This document outlines two main use cases for measuring broadband
performance on a large scale.
The document is well-written and discusses security as well as privacy
concerns.
I have a few remarks regarding the text in the security consideration
section.
You introduce the terms "Measurement Agents", "Subscriber", and
"Measurement Tasks" for the first time in the security consideration
section.
I wonder whether you could describe the problems without actually having
to reference the framework document.
A few remarks regarding the listed issues:
1. a malicious party that gains control of Measurement Agents to
launch DoS attacks at a target, or to alter (perhaps subtly)
Measurement Tasks in order to compromise the end user's privacy,
the business confidentiality of the network, or the accuracy of
the measurement system.
How does the DoS attack against some other party compromise the end
user's privacy? I guess you are referring to the threat described in
Section 5.1.3 of
http://tools.ietf.org/html/rfc6973
2. a malicious party that gains control of Measurement Agents to
create a platform for pervasive monitoring [RFC7258], in order to
attack the privacy of Internet users and organisations.
You might want to explain that the developed protocol mechanism allows
data about the user's communication to be collected. This collected data
allows monitoring.
(I haven't followed the LMAP work in detail but it might be useful to
state what type of data the system is anticipated to collect. If
everything can be collected then a reference to RFC 2804 might be
appropriate.)
6. a measurement system that is vague about who is responsible for
privacy (data protection); this role is often termed the "data
controller".
I would re-write this to:
6. a measurement system that does not indicate who is responsible
for the collection/processing of personal data and who is responsible
for fulfilling the rights of users.
You could also say something about the need to
* prevent unauthorized access to collected measurement data,
* give users the ability to view collected data,
* give users the ability to exert control over sharing, and
* enforce retention periods.
Ciao
Hannes
Attachment:
signature.asc
Description:
OpenPGP digital signature