Re: [saag] should we revise rfc 3365?
Mouse <mouse@Rodents-Montreal.ORG> Wed, 23 May 2012 23:51 UTC
Return-Path: <mouse@Sparkle.Rodents-Montreal.ORG>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B544821F86E1 for <saag@ietfa.amsl.com>; Wed, 23 May 2012 16:51:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.873
X-Spam-Level:
X-Spam-Status: No, score=-8.873 tagged_above=-999 required=5 tests=[AWL=1.115, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5359fhpVVHQr for <saag@ietfa.amsl.com>; Wed, 23 May 2012 16:51:03 -0700 (PDT)
Received: from Sparkle.Rodents-Montreal.ORG (Sparkle.Rodents-Montreal.ORG [216.46.5.7]) by ietfa.amsl.com (Postfix) with ESMTP id 0549E21F86DC for <saag@ietf.org>; Wed, 23 May 2012 16:51:02 -0700 (PDT)
Received: (from mouse@localhost) by Sparkle.Rodents-Montreal.ORG (8.8.8/8.8.8) id TAA23415; Wed, 23 May 2012 19:51:01 -0400 (EDT)
Date: Wed, 23 May 2012 19:51:01 -0400
From: Mouse <mouse@Rodents-Montreal.ORG>
Message-Id: <201205232351.TAA23415@Sparkle.Rodents-Montreal.ORG>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway.
X-Message-Flag: Microsoft: the company who gave us the botnet zombies.
X-Composition-Start-Date: Wed, 23 May 2012 19:26:34 -0400 (EDT)
To: saag@ietf.org
In-Reply-To: <4FBD6A78.2070204@cs.tcd.ie>
References: <4FBD6A78.2070204@cs.tcd.ie>
Subject: Re: [saag] should we revise rfc 3365?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 23:51:03 -0000
> Short version: go read [RFC 3365] and say if you think it needs an > update. Yes, but I believe it's not one you're willing to accept. > "MUST implement strong security in all protocols" I believe this is too dogmatic a position, and will simply lead to IETF process being ignored in those cases where strong security is unnecessary or undeisrable. Consider, for example, the number of useful protocols we have today that could not be standardized under this policy: whois, SMTP, and DHCP come to mind. Based on a quick skim of the specs, NFS is another one (even v4 doesn't seem to have MTI security, only an MTI framework within which security can optionally be done - but that's just a quick skim; I could easily have missed something). I know that, as an occasional protocol designer, if I believe a protocol has no need for security, I would sooner ignore the IETF than I would bother with shoehorning enough security to satisfy the IETF into it. Aside from this excessively (I believe) dogmatic position, I see nothing wrong with 3365. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
- [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Steven Bellovin
- Re: [saag] should we revise rfc 3365? Joe Touch
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Nico Williams
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Joe Touch
- Re: [saag] should we revise rfc 3365? Nico Williams