RE: Security for various IETF services
<l.wood@surrey.ac.uk> Mon, 07 April 2014 01:06 UTC
Return-Path: <l.wood@surrey.ac.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 258CB1A055D for <ietf@ietfa.amsl.com>; Sun, 6 Apr 2014 18:06:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Njwfq70VlFst for <ietf@ietfa.amsl.com>; Sun, 6 Apr 2014 18:06:31 -0700 (PDT)
Received: from mail1.bemta3.messagelabs.com (mail1.bemta3.messagelabs.com [195.245.230.170]) by ietfa.amsl.com (Postfix) with ESMTP id 9ED391A05E5 for <ietf@ietf.org>; Sun, 6 Apr 2014 18:06:30 -0700 (PDT)
Received: from [195.245.230.131:61870] by server-10.bemta-3.messagelabs.com id F5/3E-16608-01AF1435; Mon, 07 Apr 2014 01:06:24 +0000
X-Env-Sender: l.wood@surrey.ac.uk
X-Msg-Ref: server-12.tower-78.messagelabs.com!1396832784!30614184!1
X-Originating-IP: [131.227.200.39]
X-StarScan-Received:
X-StarScan-Version: 6.11.1; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 14673 invoked from network); 7 Apr 2014 01:06:24 -0000
Received: from exht012p.surrey.ac.uk (HELO EXHT012P.surrey.ac.uk) (131.227.200.39) by server-12.tower-78.messagelabs.com with AES128-SHA encrypted SMTP; 7 Apr 2014 01:06:24 -0000
Received: from EXMB01CMS.surrey.ac.uk ([169.254.1.150]) by EXHT012P.surrey.ac.uk ([131.227.200.39]) with mapi; Mon, 7 Apr 2014 02:06:23 +0100
From: l.wood@surrey.ac.uk
To: l.wood@surrey.ac.uk, huitema@microsoft.com, ietf@ietf.org
Date: Mon, 07 Apr 2014 02:05:43 +0100
Subject: RE: Security for various IETF services
Thread-Topic: Security for various IETF services
Thread-Index: AQHPT1jcTXDUfJOah0OH2ltCrxPwgZsEwa4AgAB5wwCAAATOIIAAE6e/gAAIaO4=
Message-ID: <290E20B455C66743BE178C5C84F1240847E779EEC6@EXMB01CMS.surrey.ac.uk>
References: <533D8A90.60309@cs.tcd.ie> <53417832.90405@cs.tcd.ie> <alpine.LRH.2.01.1404061602580.14892@egate.xpasc.com>, <ecabb0a4080548d99ab083c0ff0c27ee@BLUPR03MB424.namprd03.prod.outlook.com>, <290E20B455C66743BE178C5C84F1240847E779EEC5@EXMB01CMS.surrey.ac.uk>
In-Reply-To: <290E20B455C66743BE178C5C84F1240847E779EEC5@EXMB01CMS.surrey.ac.uk>
Accept-Language: en-US, en-GB
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/kmXGbKlqrovjXxatStZm-vQAxRA
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Apr 2014 01:06:35 -0000
to enlarge on that: http://www.ietf.org/proceedings/88/perpass.html no charter http://tools.ietf.org/wg/perpass not found Lloyd Wood http://about.me/lloydwood ________________________________________ From: ietf [ietf-bounces@ietf.org] On Behalf Of l.wood@surrey.ac.uk [l.wood@surrey.ac.uk] Sent: 07 April 2014 01:35 To: huitema@microsoft.com; ietf@ietf.org Subject: RE: Security for various IETF services https://datatracker.ietf.org/wg/perpass/ that's a lot of drafts. and yet perpass is still not a WG with formal process and charter? Odd, that. Knee-jerk reactions are not good things. Lloyd Wood http://about.me/lloydwood ________________________________________ From: ietf [ietf-bounces@ietf.org] On Behalf Of Christian Huitema [huitema@microsoft.com] Sent: 07 April 2014 00:30 To: ietf@ietf.org Subject: RE: Security for various IETF services > I agree with those who've said a threat analysis is needed before > deciding access is limited to TLS or other secure alternative. But we have that threat analysis, and the recommended mitigation is precisely "encrypt everything." The "pervasive monitoring" threat is analyzed by a number of perpass drafts, and Stephen has merely followed the conclusions of that analysis. There is no need to repeat that analysis for each and every tool that the IETF produces, and there is indeed a need for the IETF as a whole to "lead by example." -- Christian Huitema
- Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Fred Baker (fred)
- RE: Security for various IETF services ned+ietf
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Pranesh Prakash
- Re: Security for various IETF services Fred Baker (fred)
- Re: Security for various IETF services Douglas Otis
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Fred Baker (fred)
- Re: Security for various IETF services Brian E Carpenter
- Re: Security for various IETF services Randy Bush
- Re: Security for various IETF services Scott Brim
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services ned+ietf
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Randy Bush
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Martin Rex
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services t.p.
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Hector Santos
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Hector Santos
- Re: Security for various IETF services Dick Franks
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Pranesh Prakash
- Re: Security for various IETF services Martin Thomson
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Stewart Bryant (stbryant)
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Hector Santos
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services ned+ietf
- Re: Security for various IETF services Tim Bray
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services David Morris
- RE: Security for various IETF services Christian Huitema
- RE: Security for various IETF services l.wood
- Re[2]: Security for various IETF services mohammed serrhini
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Randy Bush
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services S Moonesamy
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Brian Trammell
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Spencer Dawkins
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Ted Lemon
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services Matthew Kaufman (SKYPE)
- RE: Security for various IETF services Eric Gray
- Re: Security for various IETF services t.p.
- Re: Security for various IETF services Scott Brim
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Phillip Hallam-Baker
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Yoav Nir
- Re: Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Yoav Nir
- Re: Security for various IETF services Noel Chiappa
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Tim Bray
- Re: Security for various IETF services Steve Crocker
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Phillip Hallam-Baker
- Web of trust at Internet Scale Sam Hartman
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Mark Andrews
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Jelte Jansen
- Re: Security for various IETF services Stephen Kent