Re: [Pppext] Future of the PPP WG
Vernon Schryver <vjs@rhyolite.com> Sat, 10 September 2011 03:35 UTC
Date: Sat, 10 Sep 2011 03:37:18 GMT
From: Vernon Schryver <vjs@rhyolite.com>
Message-Id: <201109100337.p8A3bINo074937@calcite.rhyolite.com>
To: pppext@ietf.org
In-Reply-To: <201109100127.p8A1QxVI003799@cichlid.raleigh.ibm.com>
Subject: Re: [Pppext] Future of the PPP WG

> From: Thomas Narten <narten@us.ibm.com>

> (By that, are there still folk doing PPP implementations
> that would read such documents?)
>
> This WG's current charter seems to be very realistic and pragmatic
> given the state of both PPP and the WG. We should not be updating the
> charter to add items that will in practice never get done, no matter
> how much we might like to see such work getting done (in an ideal
> world).

A more accurate way to say that is that this WG should not be turned into a vanity press for old folks trying to prove we're not irrelevant.

If there is real and substantial work to be done, then it should be proposed before changing the charter in sufficient detail to convince honest and well informed third parties that and how the charter should be changed. Observations that the security of PPP protocols might be improved would be valid but entirely insufficient. Significant needs and potential fixes must be proposed before starting yet another multi-year PPP project that would not finish before IPv4 address exhaustion finally makes IPv6 real.

...

Personally I think PPP insecurity was never a very pressing problem, because link layer security never mattered as much as security at higher layers. Besides, other link layer protocols such as 802.11 that are more popular (measured by nodes using them) and less secure (as commonly deployed) make the insecurity of PPP links moot. What bad guy would bother attacking a PPP/DSL link when a radio can get bits on and off the same PPP link easier and with fewer traces?

Link layer encryption, authentication, and authorization don't matter a lot if you have end-to-end confidentiality, authentication, authorization, non-repudiation, etc. On the other hand, if you haven't secured things end-to-end, then link layer security is snake oil.

If you've the least connection to today's operational security community, you know that the worst that could happen with a link layer attack is trivial compared to what happens now in higher layers. Even if this WG could fix PPP security this decade, wouldn't the effort of the rest of the IETF in reviewing, advancing, and shuffling our documents be better spent in the higher layers? Recall BGP security, what DigiNotar and Comodo prove about PKI (that we all knew many years ago), old style insecure DNS, DNSSEC vulnerabilities analogous to the PKI problems, the RIR issues, and so forth and so on and on.

It would be nice to fix nasty messes such as PPPoE, but that ship has also sailed.

Vernon Schryver vjs@rhyolite.com