[rddp] New RDDP security draft coming (draft-ietf-rddp-security-08.txt)
"Jim Pinkerton" <jpink@windows.microsoft.com> Thu, 02 March 2006 21:06 UTC
Wanted to give folks a heads up that I just submitted the update to the security draft to address AD feedback. While there is not a lot of new text, the document has been pretty substantially restructured. Below is a quick summary of the changes:

Broke the old chapter 5 "Attacks and Countermeasures" into 3 separate chapters - attacks with a primary solution of deploying end-to-end security ("Attacks That Can be Mitigated With End-to-End Security"), attacks from the remote peer (and also potentially the local peer) - "Attacks from Remote Peers", and attacks from the local peer.

Removed section 5.1 "Tools for Countermeasures". This was largely redundant text or text that was better suited elsewhere. Some moved to section 2.2: Resources (e.g. PD, Scope of an STag, access rights), some moved to the new chapter 5 (end-to-end security), one flat deleted (limiting the scope of an error was already covered in the text).

Removed the old Chapter 6 "Security Services for RDMAP and DDP" and moved the text primarily into the new chapter 5, where appropriate.

And several small changes:

- Made the TLS discussion more explicit that this is a bad idea - added new normative "NOT RECOMMENDED".
- Better description of the blind attack within the Impersonation section.
- Removed all page references, per AD request (RFC editor will munge all of them).
- Added references to RDMAC Verbs, IB Verbs.
- Better described Untagged vs. Tagged data transfer (section 2.1), plus sprinkled this elsewhere.
- Added note that by stating that some of the IPS security draft is normative, this means that support for IPsec ESP is normative.
- Several new informative references - still have a TBD on the exact text.
- Some minor text changes.

I have a word doc with change bars turned on, but unfortunately the change bars are incomplete (well, mostly complete). I tried to do all fixes (except the re-org) to the document with change bars on, and then do the document restructure with change-bars off. I wasn't perfect in switching it off/on though - apologies. I can ship on request the word doc.

I would appreciate it if anyone has time to do a full review. I am planning on doing a careful full read through and submitting minor revisions after the blackout period (like fixing the TBD reference). I believe the doc is pretty clean, but given the amount of restructuring there are probably some subtle issues.

Jim