Re: Security for various IETF services

Randall Gellens <randy@qti.qualcomm.com> Thu, 03 April 2014 23:55 UTC

Message-ID: <p06240604cf63a4b0f0c5@[99.111.97.136]>
In-Reply-To: <F8AEEDAE-C8BB-4979-8122-1110DFF62770@cisco.com>
References: <533D8A90.60309@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E779EEB6@EXMB01CMS.surrey.ac.uk> <p06240601cf639cb2113b@[99.111.97.136]> <F8AEEDAE-C8BB-4979-8122-1110DFF62770@cisco.com>
X-Mailer: Eudora for Mac OS X
Date: Thu, 3 Apr 2014 16:55:04 -0700
To: "Fred Baker (fred)" <fred@cisco.com>
From: Randall Gellens <randy@qti.qualcomm.com>
Subject: Re: Security for various IETF services
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/gCRhS8R4X19B5hocqsJk2Lkdowo
Cc: "ietf@ietf.org" <ietf@ietf.org>

At 11:40 PM +0000 4/3/14, Fred Baker (fred) wrote:

>  In view of recent issues in TurkTelecom and Indosat, it seems like 
> the simplest reason would be to ensure that data putatively 
> obtained from the IETF would in fact be obtained from the IETF.

Would this be met by allowing access using protocols where server 
certificates are sent, rather than requiring it?  You can't force 
anyone to verify a server certificate or to do a good job if they 
try, so why force them to take a certificate?

-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only