Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 30 September 2008 17:34 UTC

Date: Tue, 30 Sep 2008 19:33:50 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: badra@isima.fr
Message-ID: <20080930173350.GA25831@elstar.local>
Mail-Followup-To: badra@isima.fr, "tom.petch" <cfinss@dial.pipex.com>, <netconf@ietf.org>
References: <61043.88.164.98.77.1222722436.squirrel@www.isima.fr> <001301c9230c$7ed77940$0601a8c0@allison> <54288.88.164.98.77.1222791769.squirrel@www.isima.fr>
In-Reply-To: <54288.88.164.98.77.1222791769.squirrel@www.isima.fr>
Cc: <netconf@ietf.org>
Subject: Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt

On Tue, Sep 30, 2008 at 06:22:49PM +0200, badra@isima.fr wrote:
 
> I think the "applicability" or the benefits of using pre-shared key based
> authentication have been explained in the Introduction of [RFC4279]. To
> recall them, would it be sufficient to insert the following text at the
> end of the first paragraph of Section 3? (The use of PSK is a MAY, not a
> SHOULD.)
> 
> "The benefits of pre-shared symmetric-key vs. public-/private-key pair
> based authentication for the key exchange in TLS have been explained in
> the Introduction of [RFC4279]".

If you add an explicit pointer to the benefits of PSKs by pointing to
the Introduction of RFC 4279, then I like to request that you also add
an explicit pointer to the applicability statement contained in
section 1.1 of RFC 4279. The text starts as follows:

   The ciphersuites defined in this document are intended for a rather
   limited set of applications, usually involving only a very small
   number of clients and servers.  Even in such environments, other
   alternatives may be more appropriate.

I assume we have agreement that PSKs following RFC 4279 are an
optional-to-implement feature, and my preference would be to trust
implementors to go and read RFC 4279 and then decide whether
PSKs are in their interest or not, without highlighting any benefits
or drawbacks in the NETCONF transport mapping itself.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>