Re: [Pppext] Future of the PPP WG

Jacni Qin <jacniq@gmail.com> Tue, 13 September 2011 03:52 UTC

Return-Path: <jacniq@gmail.com>
X-Original-To: pppext@ietfa.amsl.com
Delivered-To: pppext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22CAA21F8B6C for <pppext@ietfa.amsl.com>; Mon, 12 Sep 2011 20:52:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.438
X-Spam-Level:
X-Spam-Status: No, score=-3.438 tagged_above=-999 required=5 tests=[AWL=0.160, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ozNuaLZytgtl for <pppext@ietfa.amsl.com>; Mon, 12 Sep 2011 20:52:04 -0700 (PDT)
Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by ietfa.amsl.com (Postfix) with ESMTP id 0A3C121F8B87 for <pppext@ietf.org>; Mon, 12 Sep 2011 20:52:03 -0700 (PDT)
Received: by mail-vw0-f54.google.com with SMTP id 18so267648vws.27 for <pppext@ietf.org>; Mon, 12 Sep 2011 20:54:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=EDe7QAIvsdbdbxa5IlfTnOAEpplLJlgL2NYqsHf3qxA=; b=mE4li822TPMc0cmMrdaGIQtNjHd95puNnIOj7VS3nxtwe/Z5vv9oCDLJNZEysm/FPW 1doGzeXZd4VAlLCZsvSmM3/gl8bmHIc00FOvoKdzsRAX6voeRMmqjQvJl2whZDQp25Sh XyXkywuEBCeg2mlohpqDm1C9BHX20YhlvivrI=
MIME-Version: 1.0
Received: by 10.52.69.177 with SMTP id f17mr628249vdu.150.1315886049230; Mon, 12 Sep 2011 20:54:09 -0700 (PDT)
Received: by 10.52.187.161 with HTTP; Mon, 12 Sep 2011 20:54:09 -0700 (PDT)
In-Reply-To: <201109100337.p8A3bINo074937@calcite.rhyolite.com>
References: <201109100127.p8A1QxVI003799@cichlid.raleigh.ibm.com> <201109100337.p8A3bINo074937@calcite.rhyolite.com>
Date: Tue, 13 Sep 2011 11:54:09 +0800
Message-ID: <CAHmj1WcuJJYJVmiggAG51jxSAUZ7vpAdM9cHo21jqMcSjCApGw@mail.gmail.com>
From: Jacni Qin <jacniq@gmail.com>
To: Vernon Schryver <vjs@rhyolite.com>
Content-Type: multipart/alternative; boundary=20cf307d00d0877f3b04acca987c
Cc: pppext@ietf.org
Subject: Re: [Pppext] Future of the PPP WG
X-BeenThere: pppext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PPP Extensions <pppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pppext>, <mailto:pppext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pppext>
List-Post: <mailto:pppext@ietf.org>
List-Help: <mailto:pppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pppext>, <mailto:pppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2011 03:52:05 -0000

On Sat, Sep 10, 2011 at 11:37 AM, Vernon Schryver <vjs@rhyolite.com> wrote:

> > From: Thomas Narten <narten@us.ibm.com>
>
> >            (By that, are there still folk doing PPP implementations
> > that would read such documents?)
> >
> > This WG's current charter seems to be very realistic and pragmatic
> > given the state of both PPP and the WG. We should not be updating the
> > charter to add items that will in practice never get done, no matter
> > how much we might like to see such work getting done (in an ideal
> > world).
>
> A more accurate way to say that is that this WG should not be turned
> into a vanity press for old folks trying to prove we're not irrelevant.
>
> If there is real and substantial work to be done, then it should be
> proposed before changing the charter in sufficient detail to convince
> honest and well informed third parties that and how the charter should
> be changed.
>
> Observations that the security of PPP protocols might be improved
> would be valid but entirely insufficient.  Significant needs and
> potential fixes must be proposed before starting yet another
> multi-year PPP project that would not finish before IPv4 address
> exhaustion finally makes IPv6 real.
>
> Actually, we are trying to get things done in real world to smooth the path
to IPv6, which seems
to be welcome by some ISPs, since, there is a gap in the case of PPP for
IPv6.
I know it may have been discussed, and a suggestion was given, but some ISPs
whose access networks are 90% based on PPP, and who are planning to deploy
IPv6 for their comercial services, are not convinced.

There're still works need to be done.


Cheers,
Jacni


>  ...
>
> Personally I think PPP insecurity was never a very pressing problem,
> because link layer security never mattered as much as security at
> higher layers.
>
> Besides, other link layer protocols such as 802.11 that are more
> popular (measured by nodes using them) and less secure (as commonly
> deployed) make the insecurity of PPP links moot.  What bad guy would
> bother attacking a PPP/DSL link when a radio can get bits on and
> off the same PPP link easier and with fewer traces?
>
> Link layer encryption, authentication, and authorization don't
> matter a lot if you have end-to-end confidentiality, authentication,
> authorization, non-repudiation, etc.  On the other hand, if you
> haven't secured things end-to-end, then link layer security is
> snake oil.
>
> If you've the least connection to today's operational security
> community, you know that the worst that could happen with a link layer
> attack is trivial compared what happens now in higher layers.  Even
> if this WG could fix PPP security this decade, wouldn't the effort
> of the rest of the IETF in reviewing, advancing, and shuffling our
> documents be better spent in the higher layers?  Recall BPG security,
> what DigiNotar and Comodo prove about PKI (that we all knew many years
> ago), old style insecure DNS, DNSSEC vulnerabilities analogous to the
> PKI problems, the RIR issues, and so forth and so on and on.
>
>
> It would be nice to fix nasty messes such as PPPoE, but that ship
> has also sailed.
>
>
> Vernon Schryver    vjs@rhyolite.com
> _______________________________________________
> Pppext mailing list
> Pppext@ietf.org
> https://www.ietf.org/mailman/listinfo/pppext
>