[proxies] [IETF Proxy] Next Steps
Katrin Hoeper <katrin.hoeper@nist.gov> Wed, 16 April 2008 21:49 UTC
Return-Path: <proxies-bounces@ietf.org>
X-Original-To: proxies-archive@ietf.org
Delivered-To: ietfarch-proxies-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 90A0B28C112; Wed, 16 Apr 2008 14:49:01 -0700 (PDT)
X-Original-To: proxies@core3.amsl.com
Delivered-To: proxies@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5B4B028C112 for <proxies@core3.amsl.com>; Wed, 16 Apr 2008 14:49:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hD-KL8lOWelG for <proxies@core3.amsl.com>; Wed, 16 Apr 2008 14:49:00 -0700 (PDT)
Received: from smtp.nist.gov (rimp1.nist.gov [129.6.16.226]) by core3.amsl.com (Postfix) with ESMTP id 2D40B28C0F7 for <proxies@ietf.org>; Wed, 16 Apr 2008 14:48:58 -0700 (PDT)
Received: from mesico.nist.gov (csme13.ncsl.nist.gov [129.6.54.47]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id m3GLjRIl011196 for <proxies@ietf.org>; Wed, 16 Apr 2008 17:47:28 -0400
Message-Id: <7.0.1.0.2.20080416172531.02401228@nist.gov>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Wed, 16 Apr 2008 17:45:27 -0400
To: proxies@ietf.org
From: Katrin Hoeper <katrin.hoeper@nist.gov>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_29215953==_"
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: katrin.hoeper@nist.gov
Subject: [proxies] [IETF Proxy] Next Steps
X-BeenThere: proxies@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion list for ad hoc group interested in security and proxies <proxies.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/proxies>, <mailto:proxies-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:proxies@ietf.org>
List-Help: <mailto:proxies-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/proxies>, <mailto:proxies-request@ietf.org?subject=subscribe>
Sender: proxies-bounces@ietf.org
Errors-To: proxies-bounces@ietf.org
Hey everybody, Instead of continuing our heated debate from Philadelphia, I propose to choose a more directed & organized path [fill in jokes about Germans] for our future proxy discussions on this list. Before we start proposing and analyzing solutions, we first need to evaluate if the IETF should propose a solution for problems introduced by proxies. If we come to the conclusion "NO", the IETF shouldn't (because there aren't any problems, or the problems are not severe enough for network providers to demand such a solution), we should still document and publish these results to provide a reference for other IETF documents and to stop the never ending proxy discussions that slow down so many WGs. If we come to the conclusion "YES", the IETF should do something, it seems to be a good idea to have a BOF or pick an existing WG to continue working on the identified "proxy problems". I propose the following next steps for our "proxy group" before IETF 72 in Dublin: 1. Define Use Cases - describe typical current and future scenarios/applications in which proxies are used - describe the role and capabilities (e.g. knowledge of information and/or keying material) of proxies and other network entities in these use cases - describe network architectures of use cases 2. Define Threat Model - define trust model for all network entities including proxies and their relationships to each other - analyze how proxies can launch attacks in the defined use cases, i.e. what are the threats? 3. Analyze the feasibility and severity of the identified threats After these steps are completed, we should be able to decide whether we should continue. I volunteer to serve as an editor for a draft covering the results of our initial investigation. Please post your comments to the list. Feel free to use my ppt slides from Philadelphia as basis for your comments, but please focus on the outlined initial steps in this message. Especially steps 1 and 3 require input from network providers and other hands-on people who actually work with proxy networks. We need your feedback! Best regards, Katrin ---------- Katrin Hoeper Computer Security Division National Institute of Standards and Technology (NIST) 100 Bureau Dr. Mail stop: 8930 Gaithersburg, MD 20878 (301) 975 - 4024
_______________________________________________ Proxies mailing list Proxies@ietf.org https://www.ietf.org/mailman/listinfo/proxies
- [proxies] [IETF Proxy] Next Steps Katrin Hoeper
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Alan DeKok
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Glen Zorn
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Glen Zorn
- Re: [proxies] [IETF Proxy] Next Steps Katrin Hoeper
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Bernard Aboba
- Re: [proxies] [IETF Proxy] Next Steps Dan Harkins
- Re: [proxies] [IETF Proxy] Next Steps Alan DeKok
- Re: [proxies] [IETF Proxy] Next Steps Bernard_Aboba
- Re: [proxies] [IETF Proxy] Next Steps Bernard_Aboba
- Re: [proxies] [IETF Proxy] Next Steps Glen Zorn
- Re: [proxies] [IETF Proxy] Next Steps Dan Harkins
- Re: [proxies] [IETF Proxy] Next Steps Dan Harkins
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Klaas Wierenga
- Re: [proxies] [IETF Proxy] Next Steps Glen Zorn
- Re: [proxies] [IETF Proxy] Next Steps Klaas Wierenga
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Klaas Wierenga