Re: [dna] next steps on draft-ietf-dna-simple

Jari Arkko <jari.arkko@piuha.net> Thu, 10 December 2009 17:10 UTC

Message-ID: <4B212B6C.9020404@piuha.net>
Date: Thu, 10 Dec 2009 19:10:04 +0200
From: Jari Arkko <jari.arkko@piuha.net>
To: Ted Lemon <mellon@fugue.com>
References: <4B0655CB.2040309@piuha.net> <4B203D25.5090409@ericsson.com> <BLU137-DS1F32A2E3E81C6B537AB94938D0@phx.gbl> <4B21272D.7060605@piuha.net> <79625CA2-73A1-487A-B156-EA36A3C8FFCB@fugue.com>
In-Reply-To: <79625CA2-73A1-487A-B156-EA36A3C8FFCB@fugue.com>
Cc: DNA <dna@eng.monash.edu.au>, dna@ietf.org, IESG <iesg@ietf.org>, draft-ietf-dna-simple@tools.ietf.org
Subject: Re: [dna] next steps on draft-ietf-dna-simple

Thanks. This is better. Suresh, more text for you to include...

Jari

Ted Lemon wrote:
> On Dec 10, 2009, at 10:51 AM, Jari Arkko wrote:
>   
>> In particular, it MUST NOT decide it has rejoined a network known to be physically secure, and proceed to abandon cryptographic protection.
>>     
>
> I really don't like this language, because it implies that there is such a thing as a network that's physically secure, and because it suggests that there are networks on which secure protocols need not be run. Recent history would suggest otherwise (see yesterday's articles about penetration of ATM networks, for instance).
>
> I would rather see something like this:
>
> In particular, it MUST NOT decide that it has moved from an untrusted to a trusted network, and MUST NOT make any security decisions that depend on the determination that such a transition has occurred.
>
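A small illustration of the point Ted makes, added here and not part of the thread or of draft-ietf-dna-simple: the attachment test compares unauthenticated neighbor replies against what the host remembers (a simplified SDAT entry of router link-local address, link-layer address and prefix, which is an assumption about the table layout), and its only output is which addresses to restore. The host's security policy is a separate object that the test never reads or writes, so a spoofed "same link" match cannot weaken protection.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class RouterHint:
    """What the host remembers about a link it visited before (simplified SDAT entry)."""
    link_local: str   # router's link-local address seen in earlier RAs
    link_layer: str   # router's link-layer (MAC) address from those RAs
    prefix: str       # prefix the host configured on that link


@dataclass
class SecurityPolicy:
    """Protection applied to the host's traffic; attachment detection never touches it."""
    require_encryption: bool = True


@dataclass
class DnaHost:
    # RouterHint -> addresses the host had configured on that link (constructed sample data)
    sdat: Dict[RouterHint, List[str]] = field(default_factory=dict)
    policy: SecurityPolicy = field(default_factory=SecurityPolicy)

    def remember(self, hint: RouterHint, addresses: List[str]) -> None:
        self.sdat[hint] = list(addresses)

    def reattach(self, replies: Set[Tuple[str, str]]) -> Optional[List[str]]:
        """Decide whether stored addresses may be reused after a link-up event.

        replies: (link_local, link_layer) pairs taken from NA replies to the
        unicast NS probes the host sent to remembered routers.  A match is an
        unauthenticated hint that the old configuration is probably still valid;
        it is deliberately NOT a statement about trust, so self.policy is untouched.
        """
        for hint, addrs in self.sdat.items():
            if (hint.link_local, hint.link_layer) in replies:
                return addrs          # reuse configuration, nothing else changes
        return None                   # unknown link: start fresh configuration


def demo() -> Tuple[Optional[List[str]], Optional[List[str]], bool]:
    """Constructed scenario: genuine match, forged link-layer address, policy check."""
    host = DnaHost()
    host.remember(RouterHint("fe80::1", "00:11:22:33:44:55", "2001:db8:1::/64"),
                  ["2001:db8:1::10"])
    same = host.reattach({("fe80::1", "00:11:22:33:44:55")})   # remembered router answers
    other = host.reattach({("fe80::1", "aa:bb:cc:dd:ee:ff")})  # same address, different MAC
    return same, other, host.policy.require_encryption
```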