Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

Paul Wouters <paul@cypherpunks.ca> Sun, 22 September 2013 01:47 UTC

Return-Path: <paul@cypherpunks.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1D9011E81EC for <ietf@ietfa.amsl.com>; Sat, 21 Sep 2013 18:47:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.427
X-Spam-Level:
X-Spam-Status: No, score=-2.427 tagged_above=-999 required=5 tests=[AWL=0.172, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SaG0RAjd2ZQu for <ietf@ietfa.amsl.com>; Sat, 21 Sep 2013 18:47:16 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id D33A511E81D5 for <ietf@ietf.org>; Sat, 21 Sep 2013 18:47:15 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3cjBNw3PNYz3pK; Sat, 21 Sep 2013 21:47:12 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 6k2UJOtQfc2P; Sat, 21 Sep 2013 21:47:11 -0400 (EDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by mx.nohats.ca (Postfix) with ESMTP; Sat, 21 Sep 2013 21:47:10 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id BBC668009E; Sat, 21 Sep 2013 21:47:11 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id AE97180018; Sat, 21 Sep 2013 21:47:11 -0400 (EDT)
Date: Sat, 21 Sep 2013 21:47:11 -0400
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]
In-Reply-To: <523DD648.1030203@cs.tcd.ie>
Message-ID: <alpine.LFD.2.10.1309212141170.23494@bofh.nohats.ca>
References: <523BD51A.2080101@gmail.com> <CAKFn1SHTvE6N-=j1tFNuPjZfpK24r=Zq5paJsS6YHZRU-M86Nw@mail.gmail.com> <523DD648.1030203@cs.tcd.ie>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Sep 2013 01:47:21 -0000

On Sat, 21 Sep 2013, Stephen Farrell wrote:

> On 09/21/2013 02:42 PM, Roger Jørgensen wrote:
>> On Fri, Sep 20, 2013 at 6:54 AM, Brian E Carpenter
>> <brian.e.carpenter@gmail.com> wrote:
>>> I got my arm slightly twisted to produce the attached: a simple
>>> concatenation of some of the actionable suggestions made in the
>>> discussion of PRISM and Bruce Schneier's call for action.
>>
>> There is one thing I don't see mentioned in your draft: the discussion
>> that moved from ietf@ over into lisp@ about encryption by default
>> wherever it's possible. It's one concrete action this
>> NSA/Snowden/Bruce thing has started.
>
> FWIW, I'm also maintaining a list of concrete proposals and
> relevant I-Ds that I've seen. [1] I've not noticed an I-D on
> the LISP idea though but let me know if there's one I missed.

It's a draft from 1998:

http://tools.ietf.org/html/draft-ietf-ipsec-internet-key-00

I'm considering implementing something like that for the next version of
libreswan. But if we resurrect this draft, it needs work to get modernized
or be started as a complete rewrite from scratch. For example, we'd have
to ensure that these connections remain sandboxed to the machine, and
that any IP assignments are not leaking outside the machine (in the
light of NAT based inner IPs, etc.).

Paul