Re: Security for various IETF services
t.p. <daedulus@btconnect.com> Fri, 04 April 2014 09:36 UTC
Message-ID: <01ec01cf4fe9$0a4e1f60$4001a8c0@gateway.2wire.net>
From: "t.p." <daedulus@btconnect.com>
To: stephen.farrell@cs.tcd.ie, ietf@ietf.org, Randall Gellens <randy@qti.qualcomm.com>
References: <533D8A90.60309@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E779EEB6@EXMB01CMS.surrey.ac.uk> <p06240601cf639cb2113b@[99.111.97.136]>
Subject: Re: Security for various IETF services
Date: Fri, 04 Apr 2014 09:48:32 +0100
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/nalh4OrScBO7rId5j-BIFpNDFAI

----- Original Message -----
From: "Randall Gellens" <randy@qti.qualcomm.com>
To: <l.wood@surrey.ac.uk>; <stephen.farrell@cs.tcd.ie>; <ietf@ietf.org>
Sent: Friday, April 04, 2014 12:24 AM
Subject: RE: Security for various IETF services

> My reaction is also to ask "Why?" Security and privacy involve
> trade-offs where various costs (including operational difficulty) are
> weighed against the benefits, such as protecting information from
> unauthorized disclosure or modification. So, I'd suggest that a
> blanket statement isn't a good idea, but rather, a service-by-service
> decision should be made. For example, XMPP and document submission
> may justify requiring encryption while email and document retrieval
> might not.

Yes, it is a trade off, a more secure service, for some meaning of
security, but a worse service for some users or usages.

Setting up a TLS session takes time; I notice every time I access
e-mail, ever since my ISP required the use of TLS. It is only a few
seconds, but it means that I batch my usage rather than doing it
promptly, and every so often forget and shut down without having sent a
message in reply.

And certainly with that e-mail access, it is forever tearing down the
TLS session and creating a new one, e.g. between sending e-mail on an
account and receiving it from the same account, so one (unmet)
requirement is that having gone to the cost of setting up a session, it
stays up and is reused.

And then there is CRL checking. I would assume that that would be
recommended as part of a secure system, yet with the IETF website, that
hangs the session. The CRL is downloaded and ...... hours later, the web
page has yet to display. There is something weird about the IETF's use
of certificates which other websites do not share. Surmountable no doubt
but it means that a secure service is a worse service than that
obtainable via HTTP.

And what threat is this trying to counter? a corrupted DNS directing me
to a phishing website of a foreign power?

Tom Petch

> --
> Randall Gellens