Re: [MSEC] Key Management protocol (GDOI - 6407) forward

Brian Weis <bew@cisco.com> Fri, 11 October 2013 20:58 UTC

Return-Path: <bew@cisco.com>
X-Original-To: msec@ietfa.amsl.com
Delivered-To: msec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E24D11E80EC for <msec@ietfa.amsl.com>; Fri, 11 Oct 2013 13:58:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ef-OkVTBnW-v for <msec@ietfa.amsl.com>; Fri, 11 Oct 2013 13:58:00 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id E739F21F9BC2 for <msec@ietf.org>; Fri, 11 Oct 2013 13:57:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6103; q=dns/txt; s=iport; t=1381525079; x=1382734679; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=YG8JD735ISPGbui2lLjoe47qmAD09RiSpMkoF0Ii8eQ=; b=WUwhUCzgihSaPsVh4pizJOMLHYo6fBXV8THaYjF05aF0izCTxIDTrV9Y 63Y8SLleVqunwotTdy8kwCjYP7tR/YbHoj/Z1zciJcQoa2icZnsgDezCZ suMGq7EUatUPXXxXnAjAvIvIzUDulTwzARzXyINEFodhzjqK7PhtSSwlv E=;
X-IronPort-AV: E=Sophos;i="4.93,1082,1378857600"; d="scan'208";a="91947540"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-3.cisco.com with ESMTP; 11 Oct 2013 20:57:58 +0000
Received: from dhcp-128-107-151-21.cisco.com (dhcp-128-107-151-21.cisco.com [128.107.151.21]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r9BKvv5H028858 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 11 Oct 2013 20:57:57 GMT
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Brian Weis <bew@cisco.com>
In-Reply-To: <85CF9F24-C02C-491D-A000-487B7A524F97@checkpoint.com>
Date: Fri, 11 Oct 2013 13:57:59 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <5065EAC9-B10D-47AB-B2EA-96E9FBC20935@cisco.com>
References: <CB6C229361B2E34190B3BF9F6EC922224DCCB760@EXCHMBSF323.Utility.pge.com> <418E74FA535F654FAB3CAAE12902E2940156AA80@SISCO-SBS.sisconet.local> <7417090A-55F1-42ED-B051-1EB197DAAB52@checkpoint.com> <5245E431.8070208@concordia.ca> <5249980C.2090201@ieca.com> <FE7558EA-CB7F-46B9-A973-00CBB0CE167A@checkpoint.com> <5249A05F.6060207@ieca.com> <85CF9F24-C02C-491D-A000-487B7A524F97@checkpoint.com>
To: Yoav Nir <ynir@checkpoint.com>
X-Mailer: Apple Mail (2.1508)
Cc: "msec@ietf.org" <msec@ietf.org>, Jeff Gooding/SCE/EIX <Jeff.Gooding@sce.com>, Herb Falk <herb@sisconet.com>, "Maik Seewald \(maseewal\)" <maseewal@cisco.com>, "Andrew.Free@sce.com" <Andrew.Free@sce.com>, "Madani, Vahid" <VxM6@pge.com>, "Adamiak, Mark \(GE Energy Management\)" <mark.adamiak@ge.com>, Sean Turner <turners@ieca.com>, "Thanos, Daniel \(GE Energy Management\)" <Daniel.Thanos@ge.com>, "Novosel, Damir" <DNovosel@Quanta-Technology.com>, "Alex Apostolov \(alex.apostolov@omicronusa.com\)" <alex.apostolov@omicronusa.com>
Subject: Re: [MSEC] Key Management protocol (GDOI - 6407) forward
X-BeenThere: msec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multicast Security List <msec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/msec>, <mailto:msec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/msec>
List-Post: <mailto:msec@ietf.org>
List-Help: <mailto:msec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/msec>, <mailto:msec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2013 20:58:13 -0000

Many thanks, Yoav & Sean.

Brian
 
On Sep 30, 2013, at 9:14 AM, Yoav Nir <ynir@checkpoint.com>; wrote:

> OK, I'll do it. 
> 
> At the latest, on the 20-hour journey to Vancouver. Hopefully earlier.
> 
> Yoav
> 
> On Sep 30, 2013, at 7:01 PM, Sean Turner <turners@ieca.com>; wrote:
> 
>> IEC is usually paired with ISO ;)  There's the rub right - I read it and was like sure I take your word Brian.  I think that you could treat it kind of like a secdir review and that would be sufficient for me.
>> 
>> spt
>> 
>> On 9/30/13 11:52 AM, Yoav Nir wrote:
>>> I could, I guess.
>>> 
>>> Does it matter if prior to reading it I have never heard of IEC 62351-9 in particular, or IEC in general?
>>> 
>>> Yoav
>>> 
>>> On Sep 30, 2013, at 6:26 PM, Sean Turner <turners@ieca.com>; wrote:
>>> 
>>>> For the record Brian has approached me about AD-sponsoring draft-weis-gdoi-iec62351-9-02.  I don't think it's actually an update of 6407 it's more of here's how IEC 62351 would use RFC 6407.
>>>> 
>>>> After talking with Brian in Berlin, I have but one dilemma AD-sponsoring such a draft is that it is intended for proposed standard and as best I can tell there's been one review (thanks Steffan).  Knowing that the msec community in the IETF is pretty small this might be a tall order, but is there anybody else out there will to give it a review?  (cough, hint) Yoav, Vincent :)
>>>> 
>>>> spt
>>>> 
>>>> On 9/27/13 4:01 PM, William Atwood wrote:
>>>>> Actually, he is probably referring to the "6407 update draft", which is
>>>>> draft-weis-gdoi-iec62351-9-02.  This is an update to 6407 precisely to
>>>>> serve the IEC needs.  I suspect that the email is a plea for fast action
>>>>> on progressing draft-weis to RFC.
>>>>> 
>>>>>  Bill
>>>>> 
>>>>> 
>>>>> 
>>>>> On 27/09/2013 1:18 PM, Yoav Nir wrote:
>>>>>> Hi
>>>>>> 
>>>>>> Just to be clear, there is no such thing as a "draft RFC". Drafts
>>>>>> become RFCs, at which point they're done. You may be referring to the
>>>>>> fact that RFC 6407 is labeled "proposed standard". This is a label
>>>>>> that the IETF attaches to documents for which there is relatively
>>>>>> little implementation experience. The label is not automatically
>>>>>> changed after a while. Even things that are widely implemented and
>>>>>> used by millions such as IKEv2 (RFC 5996), IPsec (RFC 4301), TLS (RFC
>>>>>> 5246), and HTTP (RFC 2616), without a doubt the most popular protocol
>>>>>> on the Internet) is at "draft standard" - a classification that does
>>>>>> not exist any more, but was below "full standard".
>>>>>> 
>>>>>> I'm adding Sean Turner, the Security Area Director, because he's been
>>>>>> handling many similar requests recently.
>>>>>> 
>>>>>> Hope this helps
>>>>>> 
>>>>>> Yoav
>>>>>> 
>>>>>> On Sep 27, 2013, at 5:15 AM, Herb Falk <herb@sisconet.com
>>>>>> <mailto:herb@sisconet.com>> <Herb@sisconet.com
>>>>>> <mailto:Herb@sisconet.com>> wrote:
>>>>>> 
>>>>>>> IEC TC57 WG10 (61850) and IEC TC57 WG15 (Security) has been
>>>>>>> developing a technology/standard for use as a secure multicast for
>>>>>>> its use in power grid applications using synchrophasors and other
>>>>>>> technologies relevant to smartgrid deployments globally.
>>>>>>> As part of the effort, some extensions to GDOI were identified. The
>>>>>>> 6407 draft incorporates and improves some of the enhancements already
>>>>>>> identified.  IEC TC57 WG15 is waiting for the draft RFC to transition
>>>>>>> to an RFC so it can be referenced as a normative standard in IEC 62351-9.
>>>>>>> There are several utility vendors and utilities, in particular SCE
>>>>>>> (Southern California Edison), that are awaiting this transition so
>>>>>>> that their cyber security frameworks can be updated.  Delays in the
>>>>>>> transition from draft to RFC will delay implementation of several
>>>>>>> projects and implementations.
>>>>>>> Herbert Falk
>>>>>>> Solutions Architect
>>>>>>> SISCO, INC.
>>>>>>> 6605 19 ½ Mile Rd.
>>>>>>> Sterling Heights, MI 48314
>>>>>>> (586) 254-0020 x-105
>>>>>>> <image001.png>
>>>>>>> "In matters of style, swim with the current;   in matters of
>>>>>>> principle, stand like a rock." [Thomas Jefferson]
>>>>>>> NOTICE: This communication may contain privileged or other
>>>>>>> confidential information. If you are not the intended recipient, or
>>>>>>> believe that you have received this communication in error, please do
>>>>>>> not print, copy, retransmit,  disseminate, or otherwise use the
>>>>>>> information. Also,  please indicate to the sender that you have
>>>>>>> received this communication in error, and delete the copy you
>>>>>>> received. Thank you.
>>>>>>> ------------------------------------------------------------------------
>>>>>>> _______________________________________________
>>>>>>> MSEC mailing list
>>>>>>> MSEC@ietf.org <mailto:MSEC@ietf.org>
>>>>>>> https://www.ietf.org/mailman/listinfo/msec
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> MSEC mailing list
>>>>>> MSEC@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/msec
>>>>> 
>>>>> --
>>>>> Dr. J.W. Atwood, Eng.             tel:   +1 (514) 848-2424 x3046
>>>>> Distinguished Professor Emeritus  fax:   +1 (514) 848-2830
>>>>> Department of Computer Science
>>>>>   and Software Engineering
>>>>> Concordia University EV 3.185email:william.atwood@concordia.ca
>>>>> 1455 de Maisonneuve Blvd. Westhttp://users.encs.concordia.ca/~bill
>>>>> Montreal, Quebec Canada H3G 1M8
>>>>> 
>>>> 
>>>> Email secured by Check Point
>>> 
>>> 
>> 
>> Email secured by Check Point
> 
> _______________________________________________
> MSEC mailing list
> MSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/msec

-- 
Brian Weis
Security, Enterprise Networking Group, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com