IETF Logo Mail Archive

Re: [sasl] MOGGIES Proposed Charter

Martin Rex <mrex@sap.com> Thu, 20 May 2010 22:39 UTC

Return-Path: <mrex@sap.com>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ACE503A696C; Thu, 20 May 2010 15:39:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.75
X-Spam-Level:
X-Spam-Status: No, score=-7.75 tagged_above=-999 required=5 tests=[AWL=-0.101, BAYES_50=0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l85ChN1nN8Zd; Thu, 20 May 2010 15:39:04 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 66BF83A6A20; Thu, 20 May 2010 15:38:31 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id o4KMcNZZ025561 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 21 May 2010 00:38:23 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201005202238.o4KMcML6028897@fs4113.wdf.sap.corp>
Subject: Re: [sasl] MOGGIES Proposed Charter
To: Nicolas.Williams@oracle.com
Date: Fri, 21 May 2010 00:38:22 +0200
In-Reply-To: <20100518191521.GL9429@oracle.com> from "Nicolas Williams" at May 18, 10 02:15:22 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal07
X-SAP: out
Cc: kitten@ietf.org, sasl@ietf.org, tim.polk@nist.gov
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 May 2010 22:39:05 -0000

Nicolas Williams wrote:
> 
> 
> > * Specify an interface for reporting the security strength of
> >   GSS-API mechanism.
> 
> I'd word that differently:
> 
>  * Specify an interface for enforcing security strength of GSS-API mechanisms.
> 
> The reason is that "reporting the security strength" of something
> implies [to me] an absolute measure of security strength, and I don't
> think it's possible to design a good, _stable_, absolute measure of
> security strength.


I think that the comparable strength measured in "Bits of security"
as used by NIST SP800-57 section 5.6.1 should be sufficiently stable.

What changes over time is the amount of "strength" that one considers
secure.  

      fairly stable           gradually fading
        Bits of           characterisation of strength
        security                 
          <40                 ridiculously weak
          40                  extremely weak
          56                  very weak
          64                  weak
          80                  mediocre
          96                  fair
          112                 good
          128                 strong
         >128                 very strong


-Martin

v2.23.0 | Report a Bug | By Email