[Ecrit] Fwd: Re: DISCUSS: draft-ietf-ecrit-lost
"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Wed, 05 March 2008 10:00 UTC
Return-Path: <ecrit-bounces@ietf.org>
X-Original-To: ietfarch-ecrit-archive@core3.amsl.com
Delivered-To: ietfarch-ecrit-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4FF0428C763; Wed, 5 Mar 2008 02:00:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.978
X-Spam-Level:
X-Spam-Status: No, score=-0.978 tagged_above=-999 required=5 tests=[AWL=-0.540, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cnDf7qChRkKU; Wed, 5 Mar 2008 02:00:55 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6FA1528C75C; Wed, 5 Mar 2008 02:00:55 -0800 (PST)
X-Original-To: ecrit@core3.amsl.com
Delivered-To: ecrit@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 78A2E28C75D for <ecrit@core3.amsl.com>; Wed, 5 Mar 2008 02:00:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u7yafMi-QRZq for <ecrit@core3.amsl.com>; Wed, 5 Mar 2008 02:00:53 -0800 (PST)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 03C5628C75B for <ecrit@ietf.org>; Wed, 5 Mar 2008 02:00:52 -0800 (PST)
Received: (qmail 25637 invoked by uid 0); 5 Mar 2008 10:00:43 -0000
Received: from 192.100.124.218 by www080.gmx.net with HTTP; Wed, 05 Mar 2008 11:00:42 +0100 (CET)
Date: Wed, 05 Mar 2008 11:00:42 +0100
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Message-ID: <20080305100042.160460@gmx.net>
MIME-Version: 1.0
To: ecrit@ietf.org
X-Authenticated: #29516787
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
X-Provags-ID: V01U2FsdGVkX1/VOK1gMS/VXKLRq7wGliSJiu/s1ZtPBUAo7ZpJ1Y DJAtX6LH1Nlf11kJ2DhMOISi+GL8FE7cpgRA==
X-GMX-UID: Kwa7dJoLODB6cJkCsWVMfKI9Ji9SWlK/
Subject: [Ecrit] Fwd: Re: DISCUSS: draft-ietf-ecrit-lost
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <ecrit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ecrit-bounces@ietf.org
Errors-To: ecrit-bounces@ietf.org
FYI -------- Original-Nachricht -------- Datum: Tue, 4 Mar 2008 11:06:44 -0500 Von: Tim Polk <tim.polk@nist.gov> An: Ted Hardie <hardie@qualcomm.com> CC: "iesg@ietf.org" <iesg@ietf.org>, "ecrit-chairs@tools.ietf.org" <ecrit-chairs@tools.ietf.org>, "draft-ietf-ecrit-lost@tools.ietf.org" <draft-ietf-ecrit-lost@tools.ietf.org> Betreff: Re: DISCUSS: draft-ietf-ecrit-lost Ted, Thanks for the quick response. Yes, this text would work for me. Tim Polk On Mar 4, 2008, at 10:35 AM, Ted Hardie wrote: > At 12:24 PM -0800 3/3/08, Tim Polk wrote: >> Discuss: >> The introduction suggests that LoST may be appropriate for non- >> emergency services >> as well, but does not revisit that notion anywhere else in the >> document. As noted in Joe >> Salowey's secdir review, there may be different threats or >> motivations which could affect >> the applicability of LoST to such applications. From his review: >> >> 3) Use in non-ecrit cases - has much thought been given to the >> use of >> LoST in non-Ecrit cases? There may be different threats or at >> least >> motivations than those covered in draft-ietf-ecrit-security- >> threats. >> For example, in non-ecrit cases an attacker may seek monetary >> benefit >> through attacking the LoST protocol to return inaccurate service >> mapping >> information. The suggestion here is to either consider this >> case of >> non-ecrit in more detail or to state that threats outside ecrit >> cases >> may be different. >> >> At a minimum, the security considedrations section should note that >> non-emergency services may face a different set of threats. The >> requirements >> for these services should be carefully reviewed to ensure that >> LoST can be >> used to achieve the service's security requirements. > > Proposed RFC Editor note: > > OLD: > > A more detailed description of threats and security requirements > are provided in [17]. > > > NEW: > > A more detailed description of threats and security requirements > are provided in [17]. > The threats and security requirements in non-emergency service > uses of LoST may be considerably different from those described here. > For example, an attacker might seek monetary benefit by returning > service mapping information which directed users to specific service > providers. Before deploying LoST in new contexts, a thorough analysis > of the threats and requirements specific to that context should > be undertaken and decisions made on the appropriate mitigations. > > > Please let me know if this works to satisfy your concerns, > regards, > Ted Hardie > > > _______________________________________________ Ecrit mailing list Ecrit@ietf.org https://www.ietf.org/mailman/listinfo/ecrit
- [Ecrit] [Fwd: DISCUSS: draft-ietf-ecrit-lost] Hannes Tschofenig
- [Ecrit] Fwd: Re: DISCUSS: draft-ietf-ecrit-lost Hannes Tschofenig