Re: Split the IANA functions?
Stephen Kent <kent@bbn.com> Tue, 07 January 2014 18:40 UTC
Return-Path: <kent@bbn.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79F731AE104 for <ietf@ietfa.amsl.com>; Tue, 7 Jan 2014 10:40:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.739
X-Spam-Level:
X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ToB2YP5Jnkzk for <ietf@ietfa.amsl.com>; Tue, 7 Jan 2014 10:40:48 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id AFFAB1AE069 for <ietf@ietf.org>; Tue, 7 Jan 2014 10:40:48 -0800 (PST)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50607) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1W0bZv-000B6g-D6 for ietf@ietf.org; Tue, 07 Jan 2014 13:40:39 -0500
Message-ID: <52CC4A27.3090208@bbn.com>
Date: Tue, 07 Jan 2014 13:40:39 -0500
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Split the IANA functions?
References: <CAMm+LwinAb6+7BoMzwBWyu63vofndxK9VY6DSNN0Ykza4SxuMQ@mail.gmail.com> <52CB0010.5010407@gmail.com> <CAMm+LwhN8+z9q4KQXVY9bWA6TAqxx1=Qg0OUfK=VGCSDg5uWEA@mail.gmail.com> <DD618936-0D13-41F1-8D89-2E3171D864B5@istaff.org> <52CB31F4.3090703@cs.tcd.ie> <52CB987A.20300@cisco.com>
In-Reply-To: <52CB987A.20300@cisco.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 18:40:50 -0000
Eliot, > > Why do we state that confidentiality is important to pursue in our > protocols? That is a political decision made by the community. We then > layer on top of that decision technical requirements. IMHO it's a very > important and good political decision. Confidentiality is not an IETF-specific notion. Long ago (mid-80's) the ISO published a doc, ISO 7498-2, which describes security services and mechanisms. That doc defines confidentiality as a security service, and encryption as a mechanism that can be used to implement the service. The same doc defines authentication, (data) integrity, access control and other security services, with several variants of each service to be more precise. It also includes a description of numerous security mechanisms. While 7498-2 is not perfect, it does demonstrate that a large community (after all, it's an ISO doc) viewed these services as generally desirable characteristics for communication systems. Thus when the IETF says (as we did long ago in 3552) that confidentiality (and authentication and integrity) are good things, we are consistent with long-established principles that extend far beyond our standards environment. I see the political aspect of our current discussion as how we choose to make tradeoffs between the security and privacy aspects of our protocols, vs. other aspects of protocol design and network operation. Stephen's doc does not address these tradeoffs in any detail. So, if we avoid terms (near the end of the doc) that might appear to establish the rules for evaluating these tradeoffs, we can make a statement that is not perceived as political. Most means of effecting PM are attacks, as per 3552. This ought not be viewed as a debate relative to our previous docs. I'd prefer if this doc noted that, and explained what aspects of PM don't neatly fall under the old threat model, thus providing a motivation for a new threat model. That way this doc can be seen a a simple statement of the consensus from Vancouver, and an indication that the IETF has plans to address concerns about PM, as established by the consensus. Steve
- Split the IANA functions? Phillip Hallam-Baker
- Re: Split the IANA functions? Brian E Carpenter
- Re: Split the IANA functions? Phillip Hallam-Baker
- Re: Split the IANA functions? John Curran
- Re: Split the IANA functions? Stephen Farrell
- Re: Split the IANA functions? Phillip Hallam-Baker
- RE: Split the IANA functions? l.wood
- Re: Split the IANA functions? Abdussalam Baryun
- Re: Split the IANA functions? John Curran
- Re: Split the IANA functions? John Curran
- Re: Split the IANA functions? Brian E Carpenter
- Re: Split the IANA functions? Eliot Lear
- Re: Split the IANA functions? Dave Crocker
- Re: Split the IANA functions? Abdussalam Baryun
- Re: Split the IANA functions? Phillip Hallam-Baker
- Re: Split the IANA functions? Andrew Sullivan
- Re: Split the IANA functions? Eliot Lear
- Re: Split the IANA functions? Patrik Fältström
- Re: Split the IANA functions? avri doria
- Re: Split the IANA functions? Dave Crocker
- Re: Split the IANA functions? Phillip Hallam-Baker
- Re: Split the IANA functions? Andrew Sullivan
- Re: Split the IANA functions? David Conrad
- Re: Split the IANA functions? Stephen Kent
- DNS heirarchy, multiple roots, etc [was Re: Split… Thomas Narten
- Re: DNS heirarchy, multiple roots, etc [was Re: S… Patrik Fältström
- Re: DNS heirarchy, multiple roots, etc [was Re: S… John C Klensin
- Re: DNS heirarchy, multiple roots, etc [was Re: S… Phillip Hallam-Baker
- Re: DNS heirarchy, multiple roots, etc [was Re: S… Suzanne Woolf
- Re: Split the IANA functions? manning bill
- Re: Split the IANA functions? Andrew Sullivan
- Re: Split the IANA functions? Robert Elz
- DNS design (was: Re: Split the IANA functions?) John C Klensin
- Re: DNS design (was: Re: Split the IANA functions… Phillip Hallam-Baker
- Re: DNS design Eliot Lear
- Multiple Namespaces Re: Split the IANA functions? Olafur Gudmundsson
- Re: DNS design John C Klensin
- Re: Multiple Namespaces Re: Split the IANA functi… Brian E Carpenter
- Re: Multiple Namespaces Re: Split the IANA functi… David Conrad
- Re: Multiple Namespaces Re: Split the IANA functi… Paul Hoffman
- Re: Multiple Namespaces Re: Split the IANA functi… Dave Crocker
- Re: Multiple Namespaces Re: Split the IANA functi… Phillip Hallam-Baker
- Re: DNS design George Michaelson