Re: [OPSEC] additional documents needing a home...
Joel Jaeggli <joelja@bogus.com> Sat, 04 October 2008 02:26 UTC
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 855D03A684D; Fri, 3 Oct 2008 19:26:37 -0700 (PDT)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D78923A684D for <opsec@core3.amsl.com>; Fri, 3 Oct 2008 19:26:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id usruXOXa5V-A for <opsec@core3.amsl.com>; Fri, 3 Oct 2008 19:26:34 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id C98B83A6B6C for <opsec@ietf.org>; Fri, 3 Oct 2008 19:26:28 -0700 (PDT)
Received: from [192.168.1.117] (c-24-130-16-195.hsd1.ca.comcast.net [24.130.16.195]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id m942QpXL024390 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 4 Oct 2008 02:26:54 GMT (envelope-from joelja@bogus.com)
Message-ID: <48E6D46B.7020401@bogus.com>
Date: Fri, 03 Oct 2008 19:26:51 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.16 (X11/20080723)
MIME-Version: 1.0
To: "Bhatia, Manav (Manav)" <manav@alcatel-lucent.com>
References: <92c950310808250646t50c00ce0w8a778dc19c08188b@mail.gmail.com> <77ead0ec0809302014p336614afp433ea8de040713c5@mail.gmail.com> <6D26D1FE43A66F439F8109CDD424196501ED2F61@INEXC1U01.in.lucent.com>
In-Reply-To: <6D26D1FE43A66F439F8109CDD424196501ED2F61@INEXC1U01.in.lucent.com>
X-Enigmail-Version: 0.95.7
X-Virus-Scanned: ClamAV 0.93.3/8372/Thu Oct 2 15:21:47 2008 on nagasaki.bogus.com
X-Virus-Status: Clean
Cc: opsec@ietf.org
Subject: Re: [OPSEC] additional documents needing a home...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org
Bhatia, Manav (Manav) wrote: > > I support draft-manral-rpsec-existing-crypto-05 and I think OPSEC is the > right home for this draft. Regarding: http://tools.ietf.org/html/draft-bhatia-manral-igp-crypto-requirements-00 I have concerns about this document making protocol requirements within the scope of our charter. Making this a set of protocol best practices I think hews more closely to our charter (and doesn't belong in routing). any thoughts on that? problems with manual keying seems straight up our alley. http://tools.ietf.org/html/draft-manral-rpsec-existing-crypto-05 and i have no reservations for taking that one to our ADs. joelja > Cheers, > Manav > >> -----Original Message----- >> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] >> On Behalf Of Vishwas Manral >> Sent: Wednesday, October 01, 2008 8.44 AM >> To: Glen Kent >> Cc: opsec@ietf.org >> Subject: Re: [OPSEC] additional documents needing a home... >> >> Hi Joel, >> >> I wanted to know your opinion of the consensus, and it was for >> allowing the work in the OPSEC WG? >> >> Thanks, >> Vishwas >> >> On 8/25/08, Glen Kent <glen.kent@gmail.com> wrote: >>> I strongly believe that drafts draft-ietf-rpsec-bgp-session-sec-req >>> and draft-manral-rpsec-existing-crypto-05 very much belong here in >>> OPSEC. >>> >>> Glen >>> >>> ---------- Forwarded message ---------- >>> From: Joel Jaeggli <joelja@bogus.com> >>> Date: Thu, Aug 21, 2008 at 6:43 AM >>> Subject: [OPSEC] additional documents needing a home... >>> To: opsec wg mailing list <opsec@ietf.org> >>> >>> >>> Folks, >>> >>> Dave Ward has proposed adding: >>> >>> Michael Behringer's rpsec draft >>> >>> http://tools.ietf.org/html/draft-ietf-rpsec-bgp-session-sec-req-01 >>> >>> Abstract >>> >>> The document "BGP security requirements" >> (draft-ietf-rpsec-bgpsecrec) >>> specifies general security requirements for BGP. >> However, specific >>> security requirements for single BGP sessions, i.e., the >> connection >>> between two BGP peers, are only touched on briefly in the section >>> "transport layer protection". This document expands on this >>> particular aspect of BGP security, defining the security >> requirements >>> between two BGP peers. >>> >>> which as was presented in opsec in ireland >>> >>> and >>> >>> >>> http://tools.ietf.org/html/draft-manral-rpsec-existing-crypto-05 >>> >>> Abstract >>> >>> Routing protocols are designed to use cryptographic mechanisms to >>> authenticate data being received from a neighboring >> router to ensure >>> that it has not been modified in transit, and actually originated >>> from the neighboring router purporting to have >> originating the data. >>> Most of the cryptographic mechanisms defined to date rely on hash >>> algorithms applied to the data in the routing protocol >> packet, which >>> means the data is transported, in the clear, along with a >> signature >>> based on the data itself. These mechanisms rely on the manual >>> configuration of the keys used to seed, or build, these hash based >>> signatures. This document outlines some of the problems >> with manual >>> keying of these cryptographic algorithms. >>> >>> >>> >> http://tools.ietf.org/html/draft-bhatia-manral-igp-crypto-requ >> irements-00 >>> Abstract >>> >>> The interior gateway routing protocols OSPFv2 [RFC2328], >> IS-IS [ISO] >>> [RFC1195] and RIP [RFC2453] currently define clear text and MD5 >>> [RFC1321] algorithms for authenticating their protocol >> packets. There >>> have recently been documents adding support of the SHA >> family of hash >>> algorithms for authenticating routing protocol packets >> for RIP, IS-IS >>> and OSPF. >>> >>> To ensure interoperability between disparate >> implementations, it is >>> imperative that we specify a set of >> mandatory-to-implement algorithms >>> thereby ensuring that there is at least one algorithm that all >>> implementations will have available. >>> >>> >>> >>> which were not... >>> >>> As these document existing practice or problems with >> existing protocols >>> I think it is conceivable that this work would fall within >> our proposed >>> and soon to be official charter. >>> >>> I would like to hear some opinions on the subject. there was some >>> discussion of the first document during the opsec wg meeting and I >>> believe that the record shows some support for and against >> housing it in >>> opsec. >>> >>> thanks >>> joelja >>> _______________________________________________ >>> OPSEC mailing list >>> OPSEC@ietf.org >>> https://www.ietf.org/mailman/listinfo/opsec >>> >> _______________________________________________ >> OPSEC mailing list >> OPSEC@ietf.org >> https://www.ietf.org/mailman/listinfo/opsec >> > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec > _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
- [OPSEC] additional documents needing a home... Joel Jaeggli
- Re: [OPSEC] additional documents needing a home... Glen Kent
- Re: [OPSEC] additional documents needing a home... Vishwas Manral
- Re: [OPSEC] additional documents needing a home... Bhatia, Manav (Manav)
- Re: [OPSEC] additional documents needing a home... Bhatia, Manav (Manav)
- Re: [OPSEC] additional documents needing a home... Joel Jaeggli
- Re: [OPSEC] additional documents needing a home... Vishwas Manral
- Re: [OPSEC] additional documents needing a home... Steinthor Bjarnason (sbjarnas)
- [OPSEC] draft-bhatia-manral-igp-crypto-requiremen… Bhatia, Manav (Manav)