New security considerations for model

I've been preparing the model document for its WG last call. Most of the
necessary changes are quite minor, but I realized that the security
considerations section is broken. The current text consists primarily of a
reference to the architecture document. This is the same architecture
document that we want to revise since it's fallen out of sync with the other
docs, so it doesn't seem great to have a normative reference to it as the
answer for security considerations.

I wrote the following as a replacement for the current security
considerations section in draft-ietf-cdi-model-00. Comments are welcome. In
the absence of comments, I'll put in this text and start the last call on
Tuesday next week.

--Mark

6. Security Considerations

This document defines terminology and concepts for content
internetworking. The terminology itself does not introduce any
security-related issues. The implementation of content
internetworking concepts does raise some security-related issues,
which we identify in broad categories below. Other CDI documents
will address their specific security-related issues in more detail.

Secure relationship establishment: content internetworking must
provide means to ensure that content networks are internetworking
only with other content networks as intended. It must be possible to
prevent unauthorized internetworking or spoofing of another network's
identity.

Secure content transfer: content internetworking must support
content-network mechanisms that ensure content is delivered only as
appropriate, even when the delivering network is not the originating
network. Content internetworking must allow for mechanisms to
prevent theft or corruption of content.

Secure meta-content transfer: content internetworking must support
the movement of accurate, reliable, auditable information about costs
and performance between content networks. Content internetworking
must allow for mechanisms to prevent the diversion or corruption of
accounting data and similar meta-content.