Re: Security for various IETF services

Stewart Bryant <stbryant@cisco.com> Mon, 07 April 2014 14:25 UTC

To: John C Klensin <john-ietf@jck.com>, Ted Lemon <ted.lemon@nominum.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/2ywhbjAEcKojRiSWkwm7-rFGgDA
Cc: Tim Bray <tbray@textuality.com>, IETF-Discussion <ietf@ietf.org>, The IESG <iesg@ietf.org>

On 07/04/2014 15:02, John C Klensin wrote:
> As to the core proposal, unlike SM, I would like to see each new 
> application that someone proposes to be accessible through "secure" 
> means only discussed one at a time.
I concur with John.
> My fear of the whole Perpass effort was that it would be used in "we
> approved that, therefore we can and should do this without further 
> discussion" arguments. I just thought it would take a few years to get 
> to that point.
That was the root of my objection to the publication of the Attack RFC.

- Stewart