Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
"Howard C. Berkowitz" <hcb@clark.net> Tue, 31 March 1998 19:10 UTC
Delivery-Date: Tue, 31 Mar 1998 14:16:25 -0500
Return-Path: cclark
Received: (from adm@localhost) by ns.ietf.org (8.8.5/8.8.7a) id OAA05156 for ietf-outbound.10@ietf.org; Tue, 31 Mar 1998 14:10:01 -0500 (EST)
Received: from mail0.tor.acc.ca (mail0.tor.acc.ca [204.92.54.110]) by ns.ietf.org (8.8.5/8.8.7a) with ESMTP id OAA05097 for <ietf@ns.ietf.org>; Tue, 31 Mar 1998 14:07:50 -0500 (EST)
Received: from [142.154.136.3] (ppp-042.m4-1.cgy.ican.net [142.154.136.42]) by mail0.tor.acc.ca (8.8.8/8.8.8) with ESMTP id OAA08646; Tue, 31 Mar 1998 14:07:09 -0500 (EST)
Date: Tue, 31 Mar 1998 14:07:09 -0500
X-Sender: hcb@pop3.clark.net
Message-Id: <v0300780bb146a2d106bd@[142.154.136.3]>
In-Reply-To: <199803311502.KAA16223@jekyll.piermont.com>
References: Your message of "Tue, 31 Mar 1998 09:51:59 EST." <v03007807b1466a67057e@[142.154.136.3]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: perry@piermont.com
From: "Howard C. Berkowitz" <hcb@clark.net>
Subject: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Cc: ietf@ns.ietf.org
At 10:02 -0500 3/31/98, Perry E. Metzger wrote:
>"Howard C. Berkowitz" writes:
>> At 9:02 -0500 3/31/98, Perry E. Metzger wrote:
>> >"Howard C. Berkowitz" writes:
>> >> I may have missed a writeup that already exists,
>> >
>> >Such as the documents we are discussing, yes....
>>
>> You mean obscure things like draft-ietf-ipsec-arch-sec-04.txt?
>
>If you think that internet drafts are obscure, might I respectfully
>suggest that you familiarize yourself with the mechanism, as it is a
>basic requirement for functioning in the IETF environment?

Apparently the sarcasm mode was missed. I am quite familiar with the process, and have authored and coauthored both current I-D's and RFCs.

>
>> I recognize there are other working documents, but this is Last Call
>> for a specific one,
>
>If you are not aware of the other ipsec docs, all of which are named
>consistently, with draft-ietf-ipsec prefixes, to make them easy to
>find in the internet drafts directory, might I suggest that you
>familiarize yourself with them?

That is not my point. This is a last call for a specific document, an architectural one. As I read the current version of that document, it does not reference some ongoing work, nor does it deal with certain issues raised in the last call discussion and elsewhere.

The purpose of an architectural document is to map requirements into system components. I am aware that the directory you cite includes discussions of the cryptographic protocols of primary interest to code implementers. Detailed knowledge of all of these is not critical when analyzing architecture. Reading knowledge of other IPSEC documents is relevant; a professional knows that some selectivity is in order.

Unfortunately, my initial phrasing of my concerns in a more subtle manner apparently went over Mr. Metzger's head, and he chose the opportunity to patronize. I shall not engage in further childish discussion as to whether I do or do not understand the IETF process to which I have contributed.

Stating things more succinctly, I think the architecture document, specifically, neither discusses proxy vs. end-to-end functions in the context of risk analysis, nor references a document that does. There have been strong arguments about the interactions of IPsec and various proxy and proxy-like functions, including NAT, satellite spoofing, firewalls, etc.

Perhaps some guidance from the IESG or IAB is in order, clarifying how the IETF will build consensus on the interaction of these security and infrastructure technologies. Specific commentary on the effect of widespread IPsec deployment on the demand for globally routable IPv4 space, under various scenarios of IPsec tunneling, should be considered.