Re: [secdir] [Isms] secdir review ofdraft-ietf-isms-transport-security-model-12

"Glen Zorn" <glenzorn@comcast.net> Wed, 06 May 2009 08:16 UTC

From: Glen Zorn <glenzorn@comcast.net>
To: 'David B Harrington' <dbharrington@comcast.net>, 'Barry Leiba' <barryleiba@computer.org>
Date: Wed, 06 May 2009 17:16:53 +0900
Cc: secdir@ietf.org, isms@ietf.org, isms-chairs@tools.ietf.org, iesg@ietf.org
Subject: Re: [secdir] [Isms] secdir review ofdraft-ietf-isms-transport-security-model-12

How about just losing the capitalization?

> -----Original Message-----
> From: secdir-bounces@ietf.org [mailto:secdir-bounces@ietf.org] On
> Behalf Of David B Harrington
> Sent: Wednesday, May 06, 2009 5:44 AM
> To: 'Barry Leiba'
> Cc: isms@ietf.org; iesg@ietf.org; isms-chairs@tools.ietf.org;
> secdir@ietf.org
> Subject: Re: [secdir] [Isms] secdir review ofdraft-ietf-isms-transport-security-model-12
> 
> Hi Barry,
> 
> your formulation is "MUST ... use", where "use" is a deployment
> decision, and MUST is inappropriate for deployment advice.
> We currently use "SHOULD ... use", but Jeff thinks that is
> inappropriate as well.
> 
> How about:
>     by the RFC 3411 architecture.  However, the Transport Security Model
>     does not provide security mechanisms such as authentication and
>     encryption itself, so operators are advised to always use this
>     with a Transport Model that provides appropriate security, where
>     "appropriate" for a particular deployment is an administrative
>     decision.  Which threats are addressed and how they are mitigated
>     depends on the Transport Model.
> 
> dbh
> 
> > -----Original Message-----
> > From: barryleiba@gmail.com [mailto:barryleiba@gmail.com] On
> > Behalf Of Barry Leiba
> > Sent: Tuesday, May 05, 2009 4:04 PM
> > To: David B Harrington
> > Cc: secdir@ietf.org; iesg@ietf.org; isms@ietf.org;
> > isms-chairs@tools.ietf.org
> > Subject: Re: [Isms] [secdir] secdir review
> > ofdraft-ietf-isms-transport-security-model-12
> >
> > > That is a deployment decision made by an administrator who has an
> > > understanding of what is appropriate to the system in question.
> > >
> > > What is the correct non-RFC2119 phrase in which to couch our
> > > deployment advice?
> >
> > Well, this would make me happy; would it work for you (and others)?:
> >
> > OLD:
> >    by the RFC 3411 architecture.  However, the Transport Security Model
> >    does not provide security mechanisms such as authentication and
> >    encryption itself, so it SHOULD always be used with a Transport Model
> >    that provides appropriate security.  Which threats are addressed and
> >    how they are mitigated depends on the Transport Model.
> >
> > NEW:
> >    by the RFC 3411 architecture.  However, the Transport Security Model
> >    does not provide security mechanisms such as authentication and
> >    encryption itself, so it MUST always be used with a Transport Model
> >    that provides appropriate security.  What is "appropriate" for a
> >    particular deployment is an administrative decision.  Which threats
> >    are addressed and how they are mitigated depends on the Transport
> >    Model.
> >
> > Barry
> >
> 