Re: Security for various IETF services

Scott Brim <scott.brim@gmail.com> Fri, 04 April 2014 00:35 UTC

Return-Path: <scott.brim@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C274B1A03FE for <ietf@ietfa.amsl.com>; Thu, 3 Apr 2014 17:35:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2aeoF-2uhrAj for <ietf@ietfa.amsl.com>; Thu, 3 Apr 2014 17:35:21 -0700 (PDT)
Received: from mail-oa0-x22d.google.com (mail-oa0-x22d.google.com [IPv6:2607:f8b0:4003:c02::22d]) by ietfa.amsl.com (Postfix) with ESMTP id B35661A03FB for <ietf@ietf.org>; Thu, 3 Apr 2014 17:35:21 -0700 (PDT)
Received: by mail-oa0-f45.google.com with SMTP id eb12so2862507oac.32 for <ietf@ietf.org>; Thu, 03 Apr 2014 17:35:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=SQemCnfH4kMAx043A+y7R1fI8lESP5UeyOXAOPfzETI=; b=gcAGwmaTYOMmksZDegWPZ7FbuS7qq2y2RaVg7WQZfOUhz5aQsDHUO1AEz2lftyD4KO DDaKhCjSVJSRSR8ynO/9lDoMg1E0RmnsWCd6ZaF7Tl3zqT12duGczljsREQLP+sBXFwp 5lYI5ExCteWSRLoM12GNkeaxt/IgG5kz0Ije3cm5/ddl+HpdToIy6zr8Qcrmc8C+RbBy MYUcdFgs/GTLzS+8Rg8eOfzlN9qaiUM9yiRkk0NjsJt8gv38wsBL9Jyerfl5ogGCqXGv ENpR0xjpez8VorvcN9eeyYEEYTd5F93U/qx+W/gZlhTWjVEQgPO56CmUEc32cGCwp0ZA JBbw==
MIME-Version: 1.0
X-Received: by 10.60.15.38 with SMTP id u6mr13337957oec.26.1396571717293; Thu, 03 Apr 2014 17:35:17 -0700 (PDT)
Received: by 10.182.48.9 with HTTP; Thu, 3 Apr 2014 17:35:17 -0700 (PDT)
Received: by 10.182.48.9 with HTTP; Thu, 3 Apr 2014 17:35:17 -0700 (PDT)
In-Reply-To: <533D8A90.60309@cs.tcd.ie>
References: <533D8A90.60309@cs.tcd.ie>
Date: Thu, 3 Apr 2014 20:35:17 -0400
Message-ID: <CAPv4CP9eLwu8ftM=c5uEBvy3wb1J-UrRoi6NNxqA6LuJZ=LU6A@mail.gmail.com>
Subject: Re: Security for various IETF services
From: Scott Brim <scott.brim@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=089e013cc0241cdc9904f62cb199
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/HxsxJTk-MsLf0qxbOAYiqK9JtnA
Cc: IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Apr 2014 00:35:28 -0000

It looks like a statement of direction that's blanket
mandatory-to-implement is too much, since so many services need to be able
to run in an open mode. If there are any services that are only useful when
secured, we can trust the deployers to know that.