[rddp] New RDDP security draft coming (draft-ietf-rddp-security-08.txt)

"Jim Pinkerton" <jpink@windows.microsoft.com> Thu, 02 March 2006 21:06 UTC

Date: Thu, 02 Mar 2006 12:58:38 -0800
From: Jim Pinkerton <jpink@windows.microsoft.com>
To: rddp@ietf.org
Subject: [rddp] New RDDP security draft coming (draft-ietf-rddp-security-08.txt)
List-Id: "IETF Remote Direct Data Placement \(rddp\) WG" <rddp.ietf.org>

Wanted to give folks a heads up that I just submitted the update to the
security draft to address AD feedback. While there is not a lot of new
text, the document has been pretty substantially restructured. Below is
a quick summary of the changes:

Broke the old chapter 5 "Attacks and Countermeasures" into 3 separate
chapters: attacks with a primary solution of deploying end-to-end
security ("Attacks That Can be Mitigated With End-to-End Security"),
attacks from the remote peer (and also potentially the local peer)
("Attacks from Remote Peers"), and attacks from the local peer.

Removed section 5.1 "Tools for Countermeasures". This was largely
redundant text or text that was better suited elsewhere. Some moved to
section 2.2: Resources (e.g. PD, Scope of an STag, access rights), some
moved to the new chapter 5 (end-to-end security), and one was flat deleted
(limiting the scope of an error was already covered in the text).

Removed the old Chapter 6 "Security Services for RDMAP and DDP" and
moved the text primarily into the new chapter 5, where appropriate.

And several small changes:

- Made the TLS discussion more explicit that this is a bad idea;
  added new normative "NOT RECOMMENDED".

- Better description of the blind attack within the
  Impersonation section.

- Removed all page references, per AD request (RFC editor will
  munge all of them).

- Added references to RDMAC Verbs, IB Verbs.

- Better described Untagged vs. Tagged data transfer (section
  2.1), plus sprinkled this elsewhere.

- Added note that by stating that some of the IPS security
  draft is normative, this means that support for IPsec ESP is normative.

- Several new informative references; still have a TBD on the
  exact text.

- Some minor text changes.

I have a Word doc with change bars turned on, but unfortunately the
change bars are incomplete (well, mostly complete). I tried to do all
fixes (except the re-org) to the document with change bars on, and then
do the document restructure with change bars off. I wasn't perfect in
switching it off/on though; apologies.

I can ship the Word doc on request. I would appreciate it if anyone has
time to do a full review. I am planning on doing a careful full read
through and submitting minor revisions after the blackout period (like
fixing the TBD reference). I believe the doc is pretty clean, but given
the amount of restructuring there are probably some subtle issues.

Jim

_______________________________________________
rddp mailing list
rddp@ietf.org
https://www1.ietf.org/mailman/listinfo/rddp