[proxies] [IETF Proxy] Next Steps

Katrin Hoeper <katrin.hoeper@nist.gov> Wed, 16 April 2008 21:49 UTC

Return-Path: <proxies-bounces@ietf.org>
X-Original-To: proxies-archive@ietf.org
Delivered-To: ietfarch-proxies-archive@core3.amsl.com
Received: from core3.amsl.com (localhost []) by core3.amsl.com (Postfix) with ESMTP id 90A0B28C112; Wed, 16 Apr 2008 14:49:01 -0700 (PDT)
X-Original-To: proxies@core3.amsl.com
Delivered-To: proxies@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 5B4B028C112 for <proxies@core3.amsl.com>; Wed, 16 Apr 2008 14:49:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id hD-KL8lOWelG for <proxies@core3.amsl.com>; Wed, 16 Apr 2008 14:49:00 -0700 (PDT)
Received: from smtp.nist.gov (rimp1.nist.gov []) by core3.amsl.com (Postfix) with ESMTP id 2D40B28C0F7 for <proxies@ietf.org>; Wed, 16 Apr 2008 14:48:58 -0700 (PDT)
Received: from mesico.nist.gov (csme13.ncsl.nist.gov []) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id m3GLjRIl011196 for <proxies@ietf.org>; Wed, 16 Apr 2008 17:47:28 -0400
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Wed, 16 Apr 2008 17:45:27 -0400
To: proxies@ietf.org
From: Katrin Hoeper <katrin.hoeper@nist.gov>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_29215953==_"
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: katrin.hoeper@nist.gov
Subject: [proxies] [IETF Proxy] Next Steps
X-BeenThere: proxies@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion list for ad hoc group interested in security and proxies <proxies.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/proxies>, <mailto:proxies-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:proxies@ietf.org>
List-Help: <mailto:proxies-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/proxies>, <mailto:proxies-request@ietf.org?subject=subscribe>
Sender: proxies-bounces@ietf.org
Errors-To: proxies-bounces@ietf.org

Hey everybody,

Instead of continuing our heated debate from Philadelphia, I propose 
to choose a more directed & organized path [fill in jokes about 
Germans] for our future proxy discussions on this list.

Before we start proposing and analyzing solutions, we first need to 
evaluate if the IETF should propose a solution for problems 
introduced by proxies. If we come to the conclusion "NO", the IETF 
shouldn't (because there aren't any problems, or the problems are not 
severe enough for network providers to demand such a solution), we 
should still document and publish these results to provide a 
reference for other IETF documents and to stop the never ending proxy 
discussions that slow down so many WGs. If we come to the conclusion 
"YES", the IETF should do something, it seems to be a good idea to 
have a BOF or pick an existing WG to continue working on the 
identified "proxy problems".

I propose the following next steps for our "proxy group" before IETF 
72 in Dublin:

  1. Define Use Cases
-       describe typical current and future scenarios/applications in 
which  proxies are used
-       describe the role and capabilities (e.g. knowledge of 
information and/or keying material) of proxies and other network 
entities in these use cases
-       describe network architectures of use cases

2. Define Threat Model
-       define trust model for all network entities including proxies 
and their relationships to each other
-       analyze how proxies can launch attacks in the defined use 
cases, i.e. what are the threats?

3. Analyze the feasibility and severity of the identified threats

After these steps are completed, we should be able to decide whether 
we should continue.
I volunteer to serve as an editor for a draft covering the results of 
our initial investigation.

Please post your comments to the list. Feel free to use my ppt slides 
from Philadelphia as basis for your comments, but please focus on the 
outlined initial steps in this message.

Especially steps 1 and 3 require input from network providers and 
other hands-on people who actually work with proxy networks. We need 
your feedback!

Best regards,

Katrin Hoeper
Computer Security Division
National Institute of Standards and Technology (NIST)
100 Bureau Dr. Mail stop: 8930
Gaithersburg, MD 20878
(301) 975 - 4024
Proxies mailing list