Re: [IPsec] Charter review

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 04 November 2014 01:44 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
In-Reply-To: <CAHbuEH6OfTnizY+jVh=gOim0drtBq+XAxObq-X67A4_9o64O6A@mail.gmail.com>
References: <CAHbuEH6OfTnizY+jVh=gOim0drtBq+XAxObq-X67A4_9o64O6A@mail.gmail.com>
Date: Mon, 03 Nov 2014 20:44:10 -0500
Message-ID: <933.1415065450@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/eLyMJuqdS8dCf3Iujq26Tt2ouqg
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] Charter review

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
    > The chairs provided text for an updated charter in line with the newly
    > adopted working group items.  The recharter text has been posted and
    > I'd like to give the WG a little time to comment prior to adding this
    > to a telechat for review.

    > Here is a link:

    > http://datatracker.ietf.org/doc/charter-ietf-ipsecme/

I agree with Paul Wouters that inclusion of channel binding into the charter
is probably premature, and does not really jive with opportunistic security
concepts that the application should not know/care that it is private,
as there should be no extra authorization implied.

Channel Binding is clearly easiest to implement if you can annotate
individual TCP connections with their security properties, and this is
probably easiest to do if you do kernel modifications.
However, the draft-ietf-btns-abstract-api (which was never published) was
designed specifically so that it did not require kernel changes, and a
proof-of-concept implementation back in 2005 (ish) did not require kernel changes.

Still, I think that channel binding should be left off the charter for now:
mostly because I don't think that we have the right people here to actually
get the work done in a way that would result in a deployed standard.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-