Re: [saag] Additions to RFC 3631?

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 21 May 2012 18:23 UTC

Message-ID: <4FBA8820.2030702@gmail.com>
Date: Mon, 21 May 2012 21:23:28 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Joe Touch <touch@isi.edu>
References: <300A2E9F-E99B-46FA-A101-E3611BD0D197@cs.columbia.edu> <877gw69h81.fsf@latte.josefsson.org> <4FB9ECA4.3010904@gmail.com> <D54BB652-9B1D-4A19-8F8F-AF288E4ADE24@cs.columbia.edu> <78F24BEE-DD3B-474D-9E0B-1AC73CBE373A@vpnc.org> <CAK3OfOj=jR4R+hBDTcv-DNqqU0AdHHonSTOmsMpR3ZqmhDmbdQ@mail.gmail.com> <4FBA7807.5080207@isi.edu>
In-Reply-To: <4FBA7807.5080207@isi.edu>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, IETF Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Additions to RFC 3631?

Trying my best to be unpopular:

Much as I like the concept of BTNS, it hasn't caught on. I see this RFC 
as providing useful guidance to practitioners, and non-existent 
technology doesn't cut it.

On the other hand, SSH "leap of faith" is very close to BTNS, and should 
in fact be mentioned in the paragraph that discusses SSH. In the context 
of SSH, "leap of faith" is much more innovative than what the current 
text focuses on.

Email security takes up a significant part of the document (Sec. 3.10). 
We might wish otherwise (I do), but none of these mechanisms has been a 
real-world success. And very few people write new Email software anyway. 
So I would eliminate this section altogether or fold it into a paragraph 
or two in "Security/Multipart".

Thanks,
	Yaron

On 05/21/2012 08:14 PM, Joe Touch wrote:
>
>
> On 5/21/2012 10:06 AM, Nico Williams wrote:
>> On Mon, May 21, 2012 at 11:42 AM, Paul Hoffman <paul.hoffman@vpnc.org>
>> wrote:
>>> +1 to adding EAP as a mechanism.
>>>
>>> +/-0 to adding channel bindings, given how few people understand them.
>>
>> Either it's important/useful or not. If it is then having some text
>> in this RFC would help those people who don't understand CB.
>
> I'd add it - in fact, I would add both BTNS and TCP-AO, since neither
> are covered and both serve different purposes than the mechanisms listed.
>
> I also feel that Sec 2.4 should be expanded to explain in more detail
> how different levels of protection are used.
>
> Joe
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag