Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt

"tom.petch" <cfinss@dial.pipex.com> Tue, 30 September 2008 16:02 UTC

Return-Path: <netconf-bounces@ietf.org>
X-Original-To: netconf-archive@ietf.org
Delivered-To: ietfarch-netconf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 064B23A6B5A; Tue, 30 Sep 2008 09:02:13 -0700 (PDT)
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C855C3A6AD3 for <netconf@core3.amsl.com>; Tue, 30 Sep 2008 09:02:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D0pjbhc-7LbU for <netconf@core3.amsl.com>; Tue, 30 Sep 2008 09:02:11 -0700 (PDT)
Received: from mk-outboundfilter-2.mail.uk.tiscali.com (mk-outboundfilter-2.mail.uk.tiscali.com [212.74.114.38]) by core3.amsl.com (Postfix) with ESMTP id 125F128C137 for <netconf@ietf.org>; Tue, 30 Sep 2008 09:02:08 -0700 (PDT)
X-Trace: 141971093/mk-outboundfilter-2.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-temporary-group/213.116.60.250
X-SBRS: None
X-RemoteIP: 213.116.60.250
X-IP-MAIL-FROM: cfinss@dial.pipex.com
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhoFACfq4UjVdDz6/2dsb2JhbACDRTmIVrIZA4Fk
X-IronPort-AV: E=Sophos;i="4.33,338,1220223600"; d="scan'208";a="141971093"
X-IP-Direction: IN
Received: from 1cust250.tnt106.lnd4.gbr.da.uu.net (HELO allison) ([213.116.60.250]) by smtp.pipex.tiscali.co.uk with SMTP; 30 Sep 2008 17:02:19 +0100
Message-ID: <001301c9230c$7ed77940$0601a8c0@allison>
From: "tom.petch" <cfinss@dial.pipex.com>
To: badra@isima.fr, David B Harrington <dbharrington@comcast.net>
References: <50947.88.164.98.77.1222460713.squirrel@www.isima.fr><00bb01c92265$a9c7ba90$0600a8c0@china.huawei.com> <61043.88.164.98.77.1222722436.squirrel@www.isima.fr>
Date: Tue, 30 Sep 2008 15:33:47 +0200
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
x-mimeole: Produced By Microsoft MimeOLE V6.00.2800.1106
Cc: <netconf@ietf.org>
Subject: Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "tom.petch" <cfinss@dial.pipex.com>
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: netconf-bounces@ietf.org
Errors-To: netconf-bounces@ietf.org

----- Original Message -----
From: <badra@isima.fr>
To: "David B Harrington" <dbharrington@comcast.net>
Cc: <netconf@ietf.org>
Sent: Monday, September 29, 2008 11:07 PM
Subject: [Netconf] RE: WGLC for draft-ietf-netconf-tls-04.txt


> Here is a tentative to decide what text was needed regarding ciphersuite
> support.
>
> 4. Cipher Suite Requirements
>
>      Implementation of the protocol specified in this document MAY
>      implement any TLS cipher suite that provides mutual authentication.
>
>      Implementations MUST support TLS 1.2 [RFC5246] and are REQUIRED to
>      support the mandatory to implement cipher suite, which is
>      TLS_RSA_WITH_AES_128_CBC_SHA.  This document is assumed to apply to
>      future versions of TLS, in which case the mandatory to implement
>      cipher suite for the implemented version MUST be supported.
>
>      In the case of the pre-shared key authentication (described in
>      Section 3.3), implementations are REQUIRED to support the cipher
>      suite TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC4279].
>
> Comments?
> Best regards,
> Badra
>

I think that you need more than this, somewhere in the document, giving the
applicability of the two very different suites, when is one appropriate, when
the other.  As it stands, I get the feeling that I am being told that you really
should be using PSK but that someone, perhaps that nasty old security
directorate, has insisted we conform to BCP0061 and so have had to include the
other as well:-)

But as to what that text might look like, I am less clear.

Tom Petch

<snip>
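As an added illustration of the applicability question raised in the thread (this is example code written for this archive page, not part of the draft or of any NETCONF implementation), the following Python script parses IANA-style cipher suite names, classifies each by the peer-authentication mechanism its key exchange implies, and checks a server's configured suite list against the quoted Section 4 text for a chosen authentication mode. The two mode names ("cert" and "psk"), the key-exchange table and the sample configurations are this example's own assumptions; the two mandatory suite names are the ones quoted above.

```python
"""Check a NETCONF-over-TLS cipher suite list against the quoted Section 4
requirements.  Constructed example for the mailing-list archive; the mode
names, the key-exchange table and the sample inputs are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Mandatory-to-implement suites named in the quoted Section 4 text.
MTI_CERT_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA"     # TLS 1.2 MTI suite (RFC 5246)
MTI_PSK_SUITE = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"  # PSK-mode suite (RFC 4279)

# Key-exchange prefix -> peer authentication it implies (assumed table).
# "cert" = X.509 certificate signature, "psk" = pre-shared key,
# "none" = anonymous key exchange, which authenticates nobody.
_KX_AUTH = {
    "RSA": "cert", "DHE_RSA": "cert", "DHE_DSS": "cert", "DH_RSA": "cert",
    "DH_DSS": "cert", "ECDHE_RSA": "cert", "ECDHE_ECDSA": "cert",
    "ECDH_RSA": "cert", "ECDH_ECDSA": "cert",
    "PSK": "psk", "DHE_PSK": "psk", "RSA_PSK": "psk", "ECDHE_PSK": "psk",
    "DH_anon": "none", "ECDH_anon": "none", "NULL": "none",
}

# IANA naming pattern: TLS_<key exchange>_WITH_<cipher>_<MAC or PRF hash>
_SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Za-z_]+?)_WITH_(?P<cipher>.+)_(?P<mac>SHA256|SHA384|SHA|MD5|NULL)$"
)


@dataclass(frozen=True)
class Suite:
    name: str
    kx: str
    auth: str      # cert | psk | none
    cipher: str
    mac: str

    @property
    def can_mutually_authenticate(self) -> bool:
        # An anonymous key exchange authenticates nobody, and a NULL cipher
        # would carry the session in the clear.  PSK suites authenticate
        # both peers inherently; certificate suites can, provided the server
        # also requests a client certificate (a handshake setting, not a
        # property of the suite name, so it is not checked here).
        return self.auth != "none" and self.cipher != "NULL"


def parse_suite(name: str) -> Suite:
    """Split an IANA cipher suite name into its key exchange, cipher and MAC."""
    m = _SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    kx = m.group("kx")
    if kx not in _KX_AUTH:
        raise ValueError(f"unknown key exchange {kx!r} in {name}")
    return Suite(name, kx, _KX_AUTH[kx], m.group("cipher"), m.group("mac"))


def check_policy(mode: str, configured: list[str]) -> list[str]:
    """Return findings for a server running in 'cert' or 'psk' mode.

    An empty list means the configured suites satisfy the quoted text for
    that mode: the mandatory-to-implement suite is present, every suite can
    provide mutual authentication, and every suite matches the mode.
    """
    if mode not in ("cert", "psk"):
        raise ValueError("mode must be 'cert' or 'psk'")
    suites = [parse_suite(n) for n in configured]
    findings: list[str] = []

    mti = MTI_CERT_SUITE if mode == "cert" else MTI_PSK_SUITE
    if mti not in {s.name for s in suites}:
        findings.append(f"missing mandatory-to-implement suite {mti}")

    for s in suites:
        if not s.can_mutually_authenticate:
            findings.append(f"{s.name}: cannot provide mutual authentication")
        elif s.auth != mode:
            # Offering a certificate suite on a PSK-only server (or vice
            # versa) cannot complete a handshake with the credentials at hand.
            findings.append(f"{s.name}: {s.auth} suite enabled in {mode} mode")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations, one per authentication mode.
    samples = {
        "cert": ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"],
        "psk": ["TLS_DHE_PSK_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"],
    }
    for mode, suites in samples.items():
        print(mode, check_policy(mode, suites) or "ok")
```

Running the script reports the certificate-mode sample as compliant and flags the stray certificate suite in the PSK-mode sample, which is exactly the kind of "which suite, in which deployment" guidance the message above asks the draft to spell out.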

_______________________________________________
Netconf mailing list
Netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf