RE: [node req] Question on Security considerations.

john.loughney@nokia.com Sat, 14 February 2004 17:54 UTC

From: john.loughney@nokia.com
Subject: RE: [node req] Question on Security considerations.
Date: Sat, 14 Feb 2004 19:50:03 +0200
Message-ID: <DADF50F5EC506B41A0F375ABEB3206360143B65B@esebe023.ntc.nokia.com>
Thread-Topic: [node req] Question on Security considerations.
Thread-Index: AcPyfkFPybbwamstRk2D0yzhwZDGbwApI5wg
To: housley@vigilsec.com, ipv6@ietf.org
Cc: smb@research.att.com

Hi Russ,

> Please take a look at these two documents:
>     draft-ietf-ipsec-ikev2-algorithms-04.txt
>     draft-ietf-ipsec-esp-ah-algorithms-01.txt

Thanks for the pointers.  These look reasonable to add to the 
Node Req document.  Does anyone have problems with me putting
these as requirements in the Security section?

John

 
> At 03:07 PM 2/13/2004 +0200, john.loughney@nokia.com wrote:
> >Hi all,
> >
> >The Security AD commented the following:
> >
> > > For Section 8, RFCs 2401, 2402, and 2406 are currently being revised by
> > > the IPsec group; that should be mentioned.
> >
> >This is no problem.
> >
> > > The crypto algorithm requirements should be better aligned with
> > > recommendations from the IPsec wg.  There's a draft that lists 3DES as
> > > SHOULD, not MAY.
> >
> >Would it be appropriate to mention something like:
> >
> >         The Security Area RECOMMENDS the use of 3DES.
> >
> > > I think that IKEv? should be a SHOULD, not a MAY.  While the IESG hasn't
> > > yet seen draft-bellovin-mandate-keymgmt, it will soon and it describes
> > > automated key management as a "strong SHOULD".  That's certainly the
> > > consensus in the security area.
> >
> >I think that the WG has gone through this several times, and SHOULD has
> >always seemed problematic for some uses.  Does anyone have any suggestions?
> >
> > > More generically, I don't think that this WG should standardize weaker
> > > security requirements than the security area thinks are appropriate,
> > > without strong justification.  (Stronger requirements are fine -- they
> > > may have a different operational environment, or a different threat
> > > model.)
> >
> >My general comment is that if this document can point to existing RFCs
> >for the security requirements, then I am happy to mandate whatever
> >the pointers suggest (hint to the security area, provide pointers and
> >I will include them).
> >
> >thanks,
> >John

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------