Re: [MSEC] Key Management protocol (GDOI - 6407) forward
Brian Weis <bew@cisco.com> Fri, 11 October 2013 20:58 UTC
Return-Path: <bew@cisco.com>
X-Original-To: msec@ietfa.amsl.com
Delivered-To: msec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E24D11E80EC for <msec@ietfa.amsl.com>; Fri, 11 Oct 2013 13:58:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ef-OkVTBnW-v for <msec@ietfa.amsl.com>; Fri, 11 Oct 2013 13:58:00 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id E739F21F9BC2 for <msec@ietf.org>; Fri, 11 Oct 2013 13:57:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6103; q=dns/txt; s=iport; t=1381525079; x=1382734679; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=YG8JD735ISPGbui2lLjoe47qmAD09RiSpMkoF0Ii8eQ=; b=WUwhUCzgihSaPsVh4pizJOMLHYo6fBXV8THaYjF05aF0izCTxIDTrV9Y 63Y8SLleVqunwotTdy8kwCjYP7tR/YbHoj/Z1zciJcQoa2icZnsgDezCZ suMGq7EUatUPXXxXnAjAvIvIzUDulTwzARzXyINEFodhzjqK7PhtSSwlv E=;
X-IronPort-AV: E=Sophos;i="4.93,1082,1378857600"; d="scan'208";a="91947540"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-3.cisco.com with ESMTP; 11 Oct 2013 20:57:58 +0000
Received: from dhcp-128-107-151-21.cisco.com (dhcp-128-107-151-21.cisco.com [128.107.151.21]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r9BKvv5H028858 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 11 Oct 2013 20:57:57 GMT
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Brian Weis <bew@cisco.com>
In-Reply-To: <85CF9F24-C02C-491D-A000-487B7A524F97@checkpoint.com>
Date: Fri, 11 Oct 2013 13:57:59 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <5065EAC9-B10D-47AB-B2EA-96E9FBC20935@cisco.com>
References: <CB6C229361B2E34190B3BF9F6EC922224DCCB760@EXCHMBSF323.Utility.pge.com> <418E74FA535F654FAB3CAAE12902E2940156AA80@SISCO-SBS.sisconet.local> <7417090A-55F1-42ED-B051-1EB197DAAB52@checkpoint.com> <5245E431.8070208@concordia.ca> <5249980C.2090201@ieca.com> <FE7558EA-CB7F-46B9-A973-00CBB0CE167A@checkpoint.com> <5249A05F.6060207@ieca.com> <85CF9F24-C02C-491D-A000-487B7A524F97@checkpoint.com>
To: Yoav Nir <ynir@checkpoint.com>
X-Mailer: Apple Mail (2.1508)
Cc: "msec@ietf.org" <msec@ietf.org>, Jeff Gooding/SCE/EIX <Jeff.Gooding@sce.com>, Herb Falk <herb@sisconet.com>, "Maik Seewald (maseewal)" <maseewal@cisco.com>, "Andrew.Free@sce.com" <Andrew.Free@sce.com>, "Madani, Vahid" <VxM6@pge.com>, "Adamiak, Mark (GE Energy Management)" <mark.adamiak@ge.com>, Sean Turner <turners@ieca.com>, "Thanos, Daniel (GE Energy Management)" <Daniel.Thanos@ge.com>, "Novosel, Damir" <DNovosel@Quanta-Technology.com>, "Alex Apostolov (alex.apostolov@omicronusa.com)" <alex.apostolov@omicronusa.com>
Subject: Re: [MSEC] Key Management protocol (GDOI - 6407) forward
X-BeenThere: msec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multicast Security List <msec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/msec>, <mailto:msec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/msec>
List-Post: <mailto:msec@ietf.org>
List-Help: <mailto:msec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/msec>, <mailto:msec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2013 20:58:13 -0000
Many thanks, Yoav & Sean. Brian On Sep 30, 2013, at 9:14 AM, Yoav Nir <ynir@checkpoint.com> wrote: > OK, I'll do it. > > At the latest, on the 20-hour journey to Vancouver. Hopefully earlier. > > Yoav > > On Sep 30, 2013, at 7:01 PM, Sean Turner <turners@ieca.com> wrote: > >> IEC is usually paired with ISO ;) There's the rub right - I read it and was like sure I take your word Brian. I think that you could treat it kind of like a secdir review and that would be sufficient for me. >> >> spt >> >> On 9/30/13 11:52 AM, Yoav Nir wrote: >>> I could, I guess. >>> >>> Does it matter if prior to reading it I have never heard of IEC 62351-9 in particular, or IEC in general? >>> >>> Yoav >>> >>> On Sep 30, 2013, at 6:26 PM, Sean Turner <turners@ieca.com> wrote: >>> >>>> For the record Brian has approached me about AD-sponsoring draft-weis-gdoi-iec62351-9-02. I don't think it's actually an update of 6407 it's more of here's how IEC 62351 would use RFC 6407. >>>> >>>> After talking with Brian in Berlin, I have but one dilemma AD-sponsoring such a draft is that it is intended for proposed standard and as best I can tell there's been one review (thanks Steffan). Knowing that the msec community in the IETF is pretty small this might be a tall order, but is there anybody else out there will to give it a review? (cough, hint) Yoav, Vincent :) >>>> >>>> spt >>>> >>>> On 9/27/13 4:01 PM, William Atwood wrote: >>>>> Actually, he is probably referring to the "6407 update draft", which is >>>>> draft-weis-gdoi-iec62351-9-02. This is an update to 6407 precisely to >>>>> serve the IEC needs. I suspect that the email is a plea for fast action >>>>> on progressing draft-weis to RFC. >>>>> >>>>> Bill >>>>> >>>>> >>>>> >>>>> On 27/09/2013 1:18 PM, Yoav Nir wrote: >>>>>> Hi >>>>>> >>>>>> Just to be clear, there is no such thing as a "draft RFC". Drafts >>>>>> become RFCs, at which point they're done. You may be referring to the >>>>>> fact that RFC 6407 is labeled "proposed standard". This is a label >>>>>> that the IETF attaches to documents for which there is relatively >>>>>> little implementation experience. The label is not automatically >>>>>> changed after a while. Even things that are widely implemented and >>>>>> used by millions such as IKEv2 (RFC 5996), IPsec (RFC 4301), TLS (RFC >>>>>> 5246), and HTTP (RFC 2616), without a doubt the most popular protocol >>>>>> on the Internet) is at "draft standard" - a classification that does >>>>>> not exist any more, but was below "full standard". >>>>>> >>>>>> I'm adding Sean Turner, the Security Area Director, because he's been >>>>>> handling many similar requests recently. >>>>>> >>>>>> Hope this helps >>>>>> >>>>>> Yoav >>>>>> >>>>>> On Sep 27, 2013, at 5:15 AM, Herb Falk <herb@sisconet.com >>>>>> <mailto:herb@sisconet.com>> <Herb@sisconet.com >>>>>> <mailto:Herb@sisconet.com>> wrote: >>>>>> >>>>>>> IEC TC57 WG10 (61850) and IEC TC57 WG15 (Security) has been >>>>>>> developing a technology/standard for use as a secure multicast for >>>>>>> its use in power grid applications using synchrophasors and other >>>>>>> technologies relevant to smartgrid deployments globally. >>>>>>> As part of the effort, some extensions to GDOI were identified. The >>>>>>> 6407 draft incorporates and improves some of the enhancements already >>>>>>> identified. IEC TC57 WG15 is waiting for the draft RFC to transition >>>>>>> to an RFC so it can be referenced as a normative standard in IEC 62351-9. >>>>>>> There are several utility vendors and utilities, in particular SCE >>>>>>> (Southern California Edison), that are awaiting this transition so >>>>>>> that their cyber security frameworks can be updated. Delays in the >>>>>>> transition from draft to RFC will delay implementation of several >>>>>>> projects and implementations. >>>>>>> Herbert Falk >>>>>>> Solutions Architect >>>>>>> SISCO, INC. >>>>>>> 6605 19 ½ Mile Rd. >>>>>>> Sterling Heights, MI 48314 >>>>>>> (586) 254-0020 x-105 >>>>>>> <image001.png> >>>>>>> "In matters of style, swim with the current; in matters of >>>>>>> principle, stand like a rock." [Thomas Jefferson] >>>>>>> NOTICE: This communication may contain privileged or other >>>>>>> confidential information. If you are not the intended recipient, or >>>>>>> believe that you have received this communication in error, please do >>>>>>> not print, copy, retransmit, disseminate, or otherwise use the >>>>>>> information. Also, please indicate to the sender that you have >>>>>>> received this communication in error, and delete the copy you >>>>>>> received. Thank you. >>>>>>> ------------------------------------------------------------------------ >>>>>>> _______________________________________________ >>>>>>> MSEC mailing list >>>>>>> MSEC@ietf.org <mailto:MSEC@ietf.org> >>>>>>> https://www.ietf.org/mailman/listinfo/msec >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> MSEC mailing list >>>>>> MSEC@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/msec >>>>> >>>>> -- >>>>> Dr. J.W. Atwood, Eng. tel: +1 (514) 848-2424 x3046 >>>>> Distinguished Professor Emeritus fax: +1 (514) 848-2830 >>>>> Department of Computer Science >>>>> and Software Engineering >>>>> Concordia University EV 3.185email:william.atwood@concordia.ca >>>>> 1455 de Maisonneuve Blvd. Westhttp://users.encs.concordia.ca/~bill >>>>> Montreal, Quebec Canada H3G 1M8 >>>>> >>>> >>>> Email secured by Check Point >>> >>> >> >> Email secured by Check Point > > _______________________________________________ > MSEC mailing list > MSEC@ietf.org > https://www.ietf.org/mailman/listinfo/msec -- Brian Weis Security, Enterprise Networking Group, Cisco Systems Telephone: +1 408 526 4796 Email: bew@cisco.com
- [MSEC] Key Management protocol (GDOI - 6407) forw… Herb Falk <herb@sisconet.com>
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Yoav Nir
- Re: [MSEC] Key Management protocol (GDOI - 6407) … William Atwood
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Paul Lambert
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Sean Turner
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Yoav Nir
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Sean Turner
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Yoav Nir
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Sean Turner
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Brian Weis
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Brian Weis
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Paul Lambert
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Brian Weis
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Paul Lambert
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Brian Weis
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Paul Lambert
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Yoav Nir
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Sean Turner
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Yoav Nir
- Re: [MSEC] Key Management protocol (GDOI - 6407) … Herb Falk <herb@sisconet.com>