IETF Logo Mail Archive

Re: Split the IANA functions?

Stephen Kent <kent@bbn.com> Tue, 07 January 2014 18:40 UTC

Return-Path: <kent@bbn.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79F731AE104 for <ietf@ietfa.amsl.com>; Tue, 7 Jan 2014 10:40:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.739
X-Spam-Level:
X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ToB2YP5Jnkzk for <ietf@ietfa.amsl.com>; Tue, 7 Jan 2014 10:40:48 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id AFFAB1AE069 for <ietf@ietf.org>; Tue, 7 Jan 2014 10:40:48 -0800 (PST)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50607) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1W0bZv-000B6g-D6 for ietf@ietf.org; Tue, 07 Jan 2014 13:40:39 -0500
Message-ID: <52CC4A27.3090208@bbn.com>
Date: Tue, 07 Jan 2014 13:40:39 -0500
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Split the IANA functions?
References: <CAMm+LwinAb6+7BoMzwBWyu63vofndxK9VY6DSNN0Ykza4SxuMQ@mail.gmail.com> <52CB0010.5010407@gmail.com> <CAMm+LwhN8+z9q4KQXVY9bWA6TAqxx1=Qg0OUfK=VGCSDg5uWEA@mail.gmail.com> <DD618936-0D13-41F1-8D89-2E3171D864B5@istaff.org> <52CB31F4.3090703@cs.tcd.ie> <52CB987A.20300@cisco.com>
In-Reply-To: <52CB987A.20300@cisco.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 18:40:50 -0000

Eliot,
>
> Why do we state that confidentiality is important to pursue in our
> protocols?  That is a political decision made by the community.  We then
> layer on top of that decision technical requirements.  IMHO it's a very
> important and good political decision.
Confidentiality is not an IETF-specific notion.  Long ago (mid-80's) the
ISO published a doc, ISO 7498-2, which describes security services and
mechanisms. That doc defines confidentiality as a security service, and
encryption as a mechanism that can be used to implement the service.

The same doc defines authentication, (data) integrity, access control
and other security services, with several variants of each service to
be more precise. It also includes a description of numerous security
mechanisms.  While 7498-2 is not perfect, it does demonstrate that a
large community (after all, it's an ISO doc) viewed these services as
generally desirable characteristics for communication systems. Thus
when the IETF says (as we did long ago in 3552) that confidentiality
(and authentication and integrity) are good things, we are consistent
with long-established principles that extend far beyond our standards
environment.

I see the political aspect of our current discussion as how we choose to
make tradeoffs between the security and privacy aspects of our protocols,
vs. other aspects of protocol design and network operation. Stephen's
doc does not address these tradeoffs in any detail. So, if we avoid terms
(near the end of the doc) that might appear to establish the rules for
evaluating these tradeoffs, we can make a statement that is not perceived
as political. Most means of effecting PM are attacks, as per 3552. This
ought not be viewed as a debate relative to our previous docs. I'd
prefer if this doc noted that, and explained what aspects of PM don't
neatly fall under the old threat model, thus providing a motivation for
a new threat model.  That way this doc can be seen a a simple statement of
the consensus from Vancouver, and an indication that the IETF has plans
to address concerns about PM, as established by the consensus.

Steve

v2.23.0 | Report a Bug | By Email