Re: [Dime] unexpected consequence of deprecating E2E security in RFC 3588 bis

jouni korhonen <jouni.nospam@gmail.com> Wed, 03 October 2012 08:43 UTC

From: jouni korhonen <jouni.nospam@gmail.com>
In-Reply-To: <1836CE1BA4F81F46921CA0334F7E4274583132FE03@HE113456.emea1.cds.t-internal.com>
Date: Wed, 03 Oct 2012 11:43:35 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <3C908D20-2417-42B4-876A-C1743BA1F94F@gmail.com>
References: <5062DD0C.2080300@gmail.com> <27169_1348684002_506348E2_27169_14408_1_6B7134B31289DC4FAF731D844122B36E074A1A@PEXCVZYM13.corporate.adroot.infra.ftgroup> <5063CEC3.9080305@gmail.com> <1836CE1BA4F81F46921CA0334F7E4274583123AEA0@HE113456.emea1.cds.t-internal.com> <5064329D.40203@gmail.com> <20096_1348913297_5066C891_20096_2169_1_6B7134B31289DC4FAF731D844122B36E0758C4@PEXCVZYM13.corporate.adroot.infra.ftgroup> <5066CB47.1070807@gmail.com> <19603_1348915144_5066CFC8_19603_1305_1_6B7134B31289DC4FAF731D844122B36E0758E2@PEXCVZYM13.corporate.adroot.infra.ftgroup>, <5066EA99.3020801@gmail.com> <26184_1349003712_506829C0_26184_9758_1_tTKzDPgZM1TV@TJw0VVKN> <50684D98.8010400@cs.tcd.ie> <1836CE1BA4F81F46921CA0334F7E4274583132FE03@HE113456.emea1.cds.t-internal.com>
To: dieter.jacobsohn@telekom.de
X-Mailer: Apple Mail (2.1084)
Cc: draft-ietf-dime-rfc3588bis@tools.ietf.org, Stefan.Schroeder06@telekom.de, dime@ietf.org, turners@ieca.com, stephen.farrell@cs.tcd.ie
Subject: Re: [Dime] unexpected consequence of deprecating E2E security in RFC 3588 bis

On Oct 2, 2012, at 1:40 PM, <dieter.jacobsohn@telekom.de> <dieter.jacobsohn@telekom.de> wrote:

> Hello all,
> A question for me is also: what exactly do we mean by
> 
>> "MUST NOT be sent via intermediate nodes unless there is end-to-end 
>> security between the originator and recipient "
> 
> Which kind of e2e security? There is no such thing in Diameter right now, or did I miss something?

There is no such thing. But we have the lack of it reflected in our charter.
Two meetings ago we had some discussion around the topic during the WG meeting.

> We can only do e2e security by hop-by-hop security (IPsec or TLS), if there is NO intermediate (Diameter) node.
> So, either we have e2e security, then there is no intermediate node - or we have intermediate nodes, then there can't be e2e security.

As for now, you can get around this for coming applications by application-specific
means, like defining AVPs that inherently only carry encrypted payload, etc.

- Jouni



> 
> Best regards
> Dieter Jacobsohn
> 
> Deutsche Telekom AG
> Group Technology
> Dieter Jacobsohn
> Landgrabenweg 151, 53227 Bonn
> +49 228 936-18445 (Tel.)
> +49 391 5801 46624 (Fax)
> +49 171 2088 710 (Mobile)
> E-Mail: dieter.jacobsohn@telekom.de
> www.telekom.com
> 
> Experience what connects.
> 
> Deutsche Telekom AG
> Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
> Board of Management: René Obermann (Chairman),
> Dr. Manfred Balz, Reinhard Clemens, Niek Jan van Damme,
> Timotheus Höttges, Claudia Nemat, Prof. Dr. Marion Schick
> Commercial Register: Bonn Local Court HRB 6794
> Registered office: Bonn
> VAT ID No. DE 123475223
> 
> Big changes start small - conserve resources and don't print every e-mail.
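The application-specific workaround Jouni mentions above (an AVP that only ever carries an encrypted payload) is sketched below as an added example; it is not code from the thread, from RFC 3588bis, or from any DiME implementation. It assumes the originator and the final recipient already share a key (how that key is established is exactly the gap the thread is about, and is not addressed here), uses a hypothetical vendor id 99999 and AVP code 7000, and substitutes an HMAC-SHA256 counter-mode stream cipher with encrypt-then-MAC for a real AEAD so that it runs with the Python standard library only. The base-protocol AVP codes for Origin-Host (264) and Destination-Realm (283) are the real RFC 3588 values and stay in the clear so that relays can still route; they are bound into the integrity tag as associated data, so a relay can neither read the application data nor re-address it unnoticed.

```python
"""Illustrative only: one Diameter AVP whose data is a sealed (encrypted and
integrity-protected) payload, so that intermediate nodes can route on the clear
AVPs but cannot read or modify the application data in transit."""
import hashlib
import hmac
import os
import struct

# Real RFC 3588 base-protocol AVP codes, used here only for routing.
AVP_ORIGIN_HOST = 264
AVP_DESTINATION_REALM = 283
# Hypothetical vendor id and vendor-specific AVP code (placeholders).
VENDOR_ID = 99999
AVP_SEALED_PAYLOAD = 7000

FLAG_VENDOR = 0x80      # 'V' bit: Vendor-ID field present
FLAG_MANDATORY = 0x40   # 'M' bit: receiver must understand the AVP
NONCE_LEN, TAG_LEN = 16, 32

# Constructed demo key shared by originator and recipient; not for real use.
E2E_KEY = hashlib.sha256(b"constructed demo key, not for real use").digest()


def encode_avp(code, data, flags=FLAG_MANDATORY, vendor_id=None):
    """Encode one AVP: Code | Flags+Length | [Vendor-ID] | Data, padded to 4 bytes.
    The 24-bit Length covers header and data but not the padding."""
    if vendor_id is not None:
        flags |= FLAG_VENDOR
    header_len = 12 if vendor_id is not None else 8
    out = struct.pack("!II", code, (flags << 24) | (header_len + len(data)))
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * ((-len(data)) % 4)


def decode_avps(buf):
    """Parse a run of AVPs into (code, flags, vendor_id, data) tuples."""
    avps, off = [], 0
    while off < len(buf):
        code, word = struct.unpack_from("!II", buf, off)
        flags, length = word >> 24, word & 0xFFFFFF
        if length < 8 or off + length > len(buf):
            raise ValueError("malformed AVP length")
        vendor, header_len = None, 8
        if flags & FLAG_VENDOR:
            vendor, header_len = struct.unpack_from("!I", buf, off + 8)[0], 12
        avps.append((code, flags, vendor, buf[off + header_len:off + length]))
        off += length + ((-length) % 4)
    return avps


def _subkeys(key):
    """Derive separate encryption and MAC keys from the shared key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(key, nonce, n):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real AEAD cipher)."""
    blocks, ctr = [], 0
    while sum(map(len, blocks)) < n:
        blocks.append(hmac.new(key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:n]


def seal(key, plaintext, aad):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag; the tag also covers aad."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob, aad):
    """Verify the tag first (constant-time compare), then decrypt."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("sealed payload too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("sealed payload rejected: integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_request(e2e_key, origin_host, dest_realm, app_data):
    """Originator: clear routing AVPs plus one sealed application AVP.
    The routing AVPs are associated data, so re-addressing breaks the tag."""
    aad = origin_host + b"|" + dest_realm
    return (encode_avp(AVP_ORIGIN_HOST, origin_host)
            + encode_avp(AVP_DESTINATION_REALM, dest_realm)
            + encode_avp(AVP_SEALED_PAYLOAD, seal(e2e_key, app_data, aad), vendor_id=VENDOR_ID))


def relay_next_realm(msg):
    """Relay/proxy: routes on the clear Destination-Realm; it holds no key."""
    for code, _flags, _vendor, data in decode_avps(msg):
        if code == AVP_DESTINATION_REALM:
            return data
    raise ValueError("no Destination-Realm AVP")


def recipient_read(e2e_key, msg):
    """Recipient: rebuilds the associated data from the routing AVPs and unseals."""
    avps = {(code, vendor): data for code, _f, vendor, data in decode_avps(msg)}
    aad = avps[(AVP_ORIGIN_HOST, None)] + b"|" + avps[(AVP_DESTINATION_REALM, None)]
    return unseal(e2e_key, avps[(AVP_SEALED_PAYLOAD, VENDOR_ID)], aad)


def tamper_detected(e2e_key, msg):
    """Flip one ciphertext byte in transit and confirm the recipient rejects it."""
    rebuilt = b""
    for code, flags, vendor, data in decode_avps(msg):
        if code == AVP_SEALED_PAYLOAD:
            data = data[:NONCE_LEN] + bytes([data[NONCE_LEN] ^ 0x01]) + data[NONCE_LEN + 1:]
        rebuilt += encode_avp(code, data, flags, vendor)
    try:
        recipient_read(e2e_key, rebuilt)
    except ValueError:
        return True
    return False


def demo():
    msg = build_request(E2E_KEY, b"client.example.net", b"example.com", b"subscriber record (constructed)")
    return relay_next_realm(msg), recipient_read(E2E_KEY, msg), tamper_detected(E2E_KEY, msg)


if __name__ == "__main__":
    print(demo())
```

The relay function never touches the vendor AVP's contents, which is the whole point: routing needs only the base-protocol AVPs, while the application data is opaque to every node except the two that hold the key. Note that this protects only the one AVP; the Diameter header and the routing AVPs remain readable and modifiable by intermediaries (a change to them is detected at the recipient, not prevented), and in a real deployment the stream cipher and MAC here would be replaced by a standard AEAD.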