Re: [karp] [OPSEC] FW: WG LC: draft-ietf-karp-ops-model-05 to Informational

Sam Hartman <hartmans@mit.edu> Thu, 04 April 2013 22:08 UTC

From: Sam Hartman <hartmans@mit.edu>
To: "George, Wes" <wesley.george@twcable.com>
References: <FCD2CF6A-993E-49EE-8888-1A5384191462@cisco.com> <E8D17DEB-2CD2-47C8-8CB7-2F47FA094E9B@cisco.com> <67832B1175062E48926BF3CB27C49B240C8C7837@xmb-aln-x12.cisco.com> <2671C6CDFBB59E47B64C10B3E0BD5923042D13FDBA@PRVPEXVS15.corp.twcable.com>
Date: Thu, 04 Apr 2013 18:08:12 -0400
In-Reply-To: <2671C6CDFBB59E47B64C10B3E0BD5923042D13FDBA@PRVPEXVS15.corp.twcable.com> (Wes George's message of "Wed, 3 Apr 2013 11:21:35 -0400")
Message-ID: <tslbo9uosoj.fsf@mit.edu>
Cc: "draft-ietf-karp-ops-model@tools.ietf.org" <draft-ietf-karp-ops-model@tools.ietf.org>, "karp@ietf.org" <karp@ietf.org>
Subject: Re: [karp] [OPSEC] FW: WG LC: draft-ietf-karp-ops-model-05 to Informational

Hi.
With regard to your proposed key expiration and peer ungrouping text,
I'd like to offer my support for the ideas but ask for additional
support from the WG.
Also, any opinions on what strength language we want there?
MAY/SHOULD/MUST/MUST (BUT WE KNOW YOU WON'T)?

I'm tending toward SHOULD personally.

With regard to 6.1. People are doing something with administrative
passwords.
It may be good or bad, but their security already depends on it.
Does opsec have some advice in this area we can reference?