Re: [saag] should we revise rfc 3365?

Mouse <mouse@Rodents-Montreal.ORG> Wed, 23 May 2012 23:51 UTC

Date: Wed, 23 May 2012 19:51:01 -0400
From: Mouse <mouse@Rodents-Montreal.ORG>
Message-Id: <201205232351.TAA23415@Sparkle.Rodents-Montreal.ORG>
To: saag@ietf.org
In-Reply-To: <4FBD6A78.2070204@cs.tcd.ie>
References: <4FBD6A78.2070204@cs.tcd.ie>
Subject: Re: [saag] should we revise rfc 3365?

> Short version: go read [RFC 3365] and say if you think it needs an
> update.

Yes, but I believe it's not one you're willing to accept.

> "MUST implement strong security in all protocols"

I believe this is too dogmatic a position, and will simply lead to IETF
process being ignored in those cases where strong security is
unnecessary or undesirable.  Consider, for example, the number of
useful protocols we have today that could not be standardized under
this policy: whois, SMTP, and DHCP come to mind.  Based on a quick skim
of the specs, NFS is another one (even v4 doesn't seem to have MTI
security, only an MTI framework within which security can optionally be
done - but that's just a quick skim; I could easily have missed
something).

I know that, as an occasional protocol designer, if I believe a
protocol has no need for security, I would sooner ignore the IETF than
I would bother with shoehorning enough security to satisfy the IETF
into it.

Aside from this excessively (I believe) dogmatic position, I see
nothing wrong with 3365.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse@rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B