[saag] rfc5405bis security considerations text
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 15 October 2016 19:27 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F6A0128E19 for <saag@ietfa.amsl.com>; Sat, 15 Oct 2016 12:27:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.032
X-Spam-Level:
X-Spam-Status: No, score=-2.032 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HsSWeFeL6fdX for <saag@ietfa.amsl.com>; Sat, 15 Oct 2016 12:27:00 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78E29129496 for <saag@ietf.org>; Sat, 15 Oct 2016 12:27:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2FF53BE2F; Sat, 15 Oct 2016 20:26:58 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bxWIbV2ObCLI; Sat, 15 Oct 2016 20:26:56 +0100 (IST)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 59259BDCC; Sat, 15 Oct 2016 20:26:56 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1476559616; bh=SAvPUVDk204Pt0D6OjYYqJnefePH0Rbk84qSh8KKuQs=; h=To:From:Subject:Date:From; b=DAFfBEm7Blz6hhUKIUHUZzPLC2Q9LY6iD84U6FdlqfUIBciUHl8zTR33t1ZYS+ySN Tl9rQBLTPB5G8eAVIj9QP7hm4M04hEaGgUUusWIthTiVz1qVCWZm6DTg8FgOEYX+IL tJ00D6Hw0Z0m7eUcYYbqNClBSm8QxBSstTdZ+J3g=
To: "saag@ietf.org" <saag@ietf.org>, "Eggert, Lars" <lars@netapp.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <dd289248-9c3c-23d6-8c99-e7722bad938d@cs.tcd.ie>
Date: Sat, 15 Oct 2016 20:26:51 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms060007030901060007030808"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/UQ6vFRqM93jb_Uu8qR5aOOfQnvE>
Subject: [saag] rfc5405bis security considerations text
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Oct 2016 19:27:02 -0000
Hiya, RFC 5405 provides guidance to folks developing applications running over UDP. That's being updated now. A lot of that is about congestion control but there's also some security considerations text of course. [1] Some of that security text reads to me like it's fairly outdated (in particular the bit copied below). While it'd be nice to fix that, this draft has been approved by the IESG as the current text, even if outdated, isn't wrong, so it'd be wrong to block the document on that basis. That said, if someone had time to offer updated text, in the next week, that Lars and I were confident would reflect IETF consensus then Lars has said he'd be willing to use that. So if you have the time and interest, please send text to Lars and I. Sending to the list is fine, but there's no point in us having a major debate on this, as in that case, Lars will just reasonably decide to go ahead with the text he has now. Thanks in advance, S. [1] https://tools.ietf.org/html/draft-ietf-tsvwg-rfc5405bis-19#section-6 The bit of [1] that I thought was most outdated was: Many other options for authenticating or encrypting UDP payloads exist. For example, the GSS-API security framework [RFC2743] or Cryptographic Message Syntax (CMS) [RFC5652] could be used to protect UDP payloads. There exist a number of security options for RTP [RFC3550] over UDP, especially to accomplish key-management, see [RFC7201]. These options covers many usages, including point-to- point, centralized group communication as well as multicast. In some applications, a better solution is to protect larger stand-alone objects, such as files or messages, instead of individual UDP payloads. In these situations, CMS [RFC5652], S/MIME [RFC5751] or OpenPGP [RFC4880] could be used. In addition, there are many non- IETF protocols in this area.
- [saag] rfc5405bis security considerations text Stephen Farrell