Re: Security for various IETF services

Ted Lemon <ted.lemon@nominum.com> Mon, 07 April 2014 14:57 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C98AD1A0786; Mon, 7 Apr 2014 07:57:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9m28uXTvjadM; Mon, 7 Apr 2014 07:57:01 -0700 (PDT)
Received: from shell-too.nominum.com (shell-too.nominum.com [64.89.228.229]) by ietfa.amsl.com (Postfix) with ESMTP id A663F1A0797; Mon, 7 Apr 2014 07:56:06 -0700 (PDT)
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 175F51B80C2; Mon, 7 Apr 2014 07:56:01 -0700 (PDT)
Received: from webmail.nominum.com (cas-02.win.nominum.com [64.89.228.132]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTP id EA7DD190043; Mon, 7 Apr 2014 07:56:00 -0700 (PDT)
Received: from [10.0.10.40] (192.168.1.10) by CAS-02.WIN.NOMINUM.COM (192.168.1.101) with Microsoft SMTP Server (TLS) id 14.3.158.1; Mon, 7 Apr 2014 07:56:00 -0700
Content-Type: text/plain; charset="windows-1252"
MIME-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: Security for various IETF services
From: Ted Lemon <ted.lemon@nominum.com>
In-Reply-To: <5342B26B.5020704@gmail.com>
Date: Mon, 7 Apr 2014 10:55:57 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <4C322461-8FF5-4376-92AE-27DCF7A45720@nominum.com>
References: <533D8A90.60309@cs.tcd.ie> <533EEF35.7070901@isdg.net> <27993A73-491B-4590-9F37-0C0D369B4C6F@cisco.com> <CAHBU6iuX8Y8VCgkY1Qk+DEPEgN2=DWbNEWVffyVmmP_3qmmmig@mail.gmail.com> <53427277.30707@cisco.com> <B275762E-3A1A-44A3-80BE-67F4C8B115B2@trammell.ch> <53428593.3020707@cs.tcd.ie> <A33A3F1E-8F6D-4BD9-8D1B-B24FBCD74D8D@nominum.com> <5342B26B.5020704@gmail.com>
To: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
X-Mailer: Apple Mail (2.1874)
X-Originating-IP: [192.168.1.10]
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/iJ2ZiYNnxKcPzdTESVHAl8OMcmY
Cc: IETF-Discussion <ietf@ietf.org>, Tim Bray <tbray@textuality.com>, The IESG <iesg@ietf.org>, Stewart Bryant <stbryant@cisco.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Apr 2014 14:57:06 -0000

On Apr 7, 2014, at 10:12 AM, Spencer Dawkins <spencerdawkins.ietf@gmail.com> wrote:
> We could find out something, without making Stewart run a state-of-the-art secure environment on his IoT device to FTP Internet Drafts.

Well, e.g. allowing client certs for authentication without requiring them would certainly be interesting. And we certainly should make sure that authentication credentials are never accidentally sent in the clear—the web server shouldn't even propose authentication other than over a secure link. Not sure we can do that with FTP.
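As an added illustration of the two points in the reply above (optional client certificates, and never soliciting credentials except over TLS), here is an nginx configuration. It is not part of the original message and not IETF infrastructure configuration; the hostname `example.test`, the certificate and CA paths, and the `/drafts/` location are assumed placeholders.

```nginx
# Added example, not from the original thread. Assumed hostname, paths
# and location; adjust to the real deployment.

# Derive the Basic-auth realm from the client-certificate result: a
# successfully verified client cert turns auth_basic "off" for that
# request, otherwise the password prompt applies. auth_basic accepts a
# variable and treats an evaluated value of "off" as disabled.
map $ssl_client_verify $basic_realm {
    SUCCESS  off;
    default  "IETF drafts (assumed realm name)";
}

# Cleartext listener: it issues no authentication challenge of any kind,
# only a redirect, so a browser is never prompted for credentials over
# plain HTTP. Putting auth_basic in this block is the mistake to avoid.
server {
    listen      80;
    server_name example.test;                    # assumed hostname
    return 301  https://$host$request_uri;
}

server {
    listen      443 ssl;
    server_name example.test;                    # assumed hostname

    ssl_certificate     /etc/nginx/tls/server.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/server.key;   # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell returning clients to skip the cleartext port entirely.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Client certificates are accepted but not required: "optional" lets
    # the handshake complete with or without one, whereas "on" would
    # reject clients that present none.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;  # assumed CA bundle
    ssl_verify_client      optional;
    ssl_verify_depth       2;

    location /drafts/ {                          # assumed location
        # Authentication is only ever offered here, inside the TLS server
        # block, and is skipped when a valid client certificate was shown.
        auth_basic           $basic_realm;
        auth_basic_user_file /etc/nginx/htpasswd;  # assumed path
        root /srv/www;                           # assumed path
    }
}
```

The point of the split is structural: the `listen 80` block contains no `auth_basic` directive at all, so there is no configuration path by which a credential prompt can reach a cleartext connection, and the `map` on `$ssl_client_verify` means a presented-and-verified certificate satisfies the check without a password ever being typed. A quick way to confirm the behaviour is to request the protected path over port 80 and check that the response is a 301 with no `WWW-Authenticate` header, then repeat over 443 and see the challenge appear only there.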