Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

"Alvaro Retana (aretana)" <aretana@cisco.com> Mon, 11 September 2017 22:14 UTC

From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: Spencer Dawkins <spencerdawkins.ietf@gmail.com>, The IESG <iesg@ietf.org>
CC: "ideas-chairs@ietf.org" <ideas-chairs@ietf.org>, "ideas@ietf.org" <ideas@ietf.org>
Date: Mon, 11 Sep 2017 22:14:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/nwYK1_Q0IyqxK6T2KjFHvXYqipk>

Spencer:

Hi!

The support documents are listed as examples, and the current intent is not to publish them.

I fully expect the Framework to have appropriate Security Considerations (i.e. not a section saying that other documents will consider security) so that every future document doesn’t have to re-examine, at least the general portion.  Other documents may obviously contain specific considerations applicable to them (for extensions, protocols, etc.).

If you want to, I can add a line pointing explicitly at general security implications of GRIDS as part of the items that should be considered when developing the framework.

Thanks!

Alvaro.

On 9/8/17, 6:01 PM, "Spencer Dawkins" <spencerdawkins.ietf@gmail.com> wrote:

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

If only "Yes, but ..." was a position I could select ...

I'm really glad to see this going forward - enough to ballot "Yes".

This looks like a framework that could be used in a number of use cases, and my
"Yes, but ..." is that it's not clear to me how much analysis of ID/Loc
separation security implications some folks downstream are going to have
to do when using this framework.

I'm remembering an exchange with a document editor on the last telechat that
could be summarized as "we didn't do the work on general security implications
of X, so each usage of X has to do that work itself, rather than pointing to
previous work". OK, if that's where we are, but IDEAS hasn't already done the
same thing (yet).

I'm looking at deliverables like "Requirements for identity authentication and
authorization service (for GRIDS)" and "Threat model document", so I know
there's SOMEthing in there, but I don't know what else might be required, if
someone wanted to think about the general security implications of GRIDS, and I
note that those deliverables are listed as living drafts or wiki entries, which
doesn't sound like anything GRIDS framework usages would be able to point to,
when they need to look at security implications.

Is a look at general security implications, in a form that specific framework
usages can point to, on the table for IDEAS?

(It doesn't have to be, for me to ballot Yes, but I did have to ask, right?)