[cicm] CICM Scope
"Novikov, Lev" <lnovikov@mitre.org> Mon, 15 August 2011 21:20 UTC
From: "Novikov, Lev" <lnovikov@mitre.org>
To: "CICM Discussion List (cicm@ietf.org)" <cicm@ietf.org>
Date: Mon, 15 Aug 2011 17:19:56 -0400
Cc: "cryptography@randombit.net" <cryptography@randombit.net>
Subject: [cicm] CICM Scope

(Cross-posted on the Cryptography mailing list at randombit.net)

I've been doing a bit of reading based on the comments we've received.

The results of the BOF at IETF 81 suggested we should broaden our scope and discuss the impact of the CICM Model, particularly Security Domain Separation, on (2 or more) existing IETF protocols.

Here are the suggestions we've heard to date (in no particular order):

* IPsec (suggested by almost everyone)
* TLS (via Paul Hoffman, David McGrew)
* AEAD (in RFC 5116; via David McGrew)
* VPN establishment crypto protocols (via Alfonso De Gregorio)
* Domain Security Services (as in RFC 3183; via Alfonso De Gregorio)

** Alfonso: Can you elaborate on which protocols you had in mind regarding VPN?

It seems clear that, at the very least, we should look at IPsec.

Perhaps first, however, we should put together a crisper version of draft-lanz-cicm-lm "CICM Logical Model" which we can then use as the basis for analysis to address questions like: (via David McGrew)

* What benefit does the CICM model provide in cases where there isn't a strict separation between security domains?
* How can the CICM model operate if only one of the communicating parties uses the model?
* What is the impact of having queues between plaintext and ciphertext on:
  - latency
  - jitter
  - retransmission timers
  - TCP startup time
  - bufferbloat
* What is the impact of not providing return codes to a secure-side application sending a packet? What about "no route to host" and MTUs?
* Regarding applying the CICM model to IPsec:
  - How would it map onto the IPsec Security Association Database?
  - Where do the different parts of the IPsec architecture reside?
  - How is information that needs to cross domains (e.g., TOS byte) handled?
  - How is ICMP handled?

At a higher level, we could also address questions such as:

* How can we further push responsibility for performing cryptography correctly into the crypto (e.g., being responsible for initialization vectors)? (via David McGrew)
* How can we improve integrity guarantees between security domains or among system-level components? (via Alfonso De Gregorio)
* How can we improve the practice of transmitting and storing data at mixed levels of sensitivity? (via Joe Mitola)

Other ideas / questions?

Are there other people / WGs we should get involved?

Lev