Re: Security for various IETF services

Stewart Bryant <stbryant@cisco.com> Mon, 07 April 2014 09:52 UTC

Message-ID: <53427521.5070909@cisco.com>
Date: Mon, 07 Apr 2014 10:51:29 +0100
From: Stewart Bryant <stbryant@cisco.com>
To: Randy Bush <randy@psg.com>, Lloyd Wood <L.Wood@surrey.ac.uk>
Subject: Re: Security for various IETF services
References: <533D8A90.60309@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E779EEB6@EXMB01CMS.surrey.ac.uk> <p06240601cf639cb2113b@[99.111.97.136]> <F8AEEDAE-C8BB-4979-8122-1110DFF62770@cisco.com> <m2mwg1voe3.wl%randy@psg.com>
In-Reply-To: <m2mwg1voe3.wl%randy@psg.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/mOif2L04NuKA9YmeTiRkiFw1uBE
Cc: IETF Disgust <ietf@ietf.org>

On 04/04/2014 03:07, Randy Bush wrote:
>> "because we blew it way back when, by designing a completely insecure
>> and un-private internet"
>> That was not a mistake. That is what made adoption possible.
> this is not clear.  though, certainly, crypto would have had serious
> performance impact in the early '80s.  then again, if at 9600 baud, you
> can afford a bit of processing on the ends. :)
Randy

It is incorrect to assume that those considerations no longer apply. The
engineering and economics still apply, but to much smaller, cheaper,
lower power, and potentially far more ubiquitous, devices.

Stewart