Re: [secdir] secdir review of draft-kuegler-ipsecme-pace-ikev2

Glen Zorn <gwz@net-zen.net> Fri, 15 April 2011 02:10 UTC

Message-ID: <4DA7A92C.4010702@net-zen.net>
Date: Fri, 15 Apr 2011 09:10:52 +0700
From: Glen Zorn <gwz@net-zen.net>
Organization: Network Zen
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <AC6674AB7BC78549BB231821ABF7A9AEB530189991@EMBX01-WF.jnpr.net> <4DA69C8A.7000305@gmail.com> <BANLkTi=3WCvUgtLdNknDog--UniYM1G9Bg@mail.gmail.com> <F3494CC5-F44C-429F-B0D5-6116253590DF@vpnc.org>
In-Reply-To: <F3494CC5-F44C-429F-B0D5-6116253590DF@vpnc.org>
Cc: "draft-kuegler-ipsecme-pace-ikev2@tools.ietf.org" <draft-kuegler-ipsecme-pace-ikev2@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-kuegler-ipsecme-pace-ikev2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/14/2011 11:00 PM, Paul Hoffman wrote:

> On Apr 14, 2011, at 8:38 AM, Nico Williams wrote:
> 
>> Of course, PACE is targeting Experimental... do we care about
>> cryptographic issues in Experimental RFCs?  I'd say we should, though
>> less so than for Standards Track RFCs since we can only spare so much
>> energy.
> 
> If we "care about" such things, they should be discussed on open mailing lists, particularly if you are criticizing academic publications related to the document.
> 
>> I'm rather disappointed to see this wheel reinvented.  SCRAM (RFC5802)
>> would fit right in instead of PACE, for example, and has the same
>> kinds of properties as PACE, but with a number of advantages over PACE
>> (SCRAM is on the Standards Track, received much more review, uses a
>> PBKDF with salt and iteration count, is implemented, is reusable in
>> many contexts, does channel binding, there's an LDAP schema for
>> storing SCRAM password verifiers, ...).
>>
>> We, secdir, should be encouraging wheel reuse wherever possible over
>> wheel reinvention.

Shh!  You're questioning what may be the IETF's _real_ primary role:
full employment for protocol designers.  Case in point:

> 
> "We" never have encouraged that. Many of "us" are chairs of WGs whose charters explicitly allow or mandate the opposite of what you are proposing. If you want a change, it has to come from the ADs, not from "us".

Reinventing the wheel 'r' us!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNp6ksAAoJEG4XtfZZU7RfebYH/R5uVr6nhibBuiCAYue3T0XG
rn7tpdkNJY25kok4vB7j7oCsJBT3E5j2xD5Rl6+FCRUICaL/UWyKJ1M8SQn5HNc6
rioVATMS9XUmeVBe/8qvYRh7wusxLrEiMTho3Q/MIpLYoAYK24iWSHLNzHxomWEI
2TFGe/padcxXLjs8lYqA4OMJu8jTvR2cPxKYCIKUUKubotyE4UGQmFYgBUxX1E8Y
vaz/7GNLBJnls2Dk66+ZN8f1Ey4u3z8lJvRoV3zL3zigdW+gbGPvxPjp5HlRfUZU
oFgrP5gtivputHDbnE3uKxTpEteN/rt6DTa4jIRe6WtlPEcD1mu9+JaRAs3I9Jw=
=D3GG
-----END PGP SIGNATURE-----
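The SCRAM properties Nico lists in the quoted message (a salted, iterated PBKDF, a stored verifier that is not the password, the channel-binding flag, mutual authentication) are easier to see in a full exchange. The following is an added example, not code from this thread or from any of its authors; it walks both sides of a SCRAM-SHA-1 (RFC 5802) authentication using the test vector from RFC 5802 section 5 (user "user", password "pencil", the salt, iteration count and nonces given there). The function and key names are this example's own.

```python
"""SCRAM-SHA-1 (RFC 5802) exchange, both sides, with the RFC's own test vector.

Added example, not code from the secdir thread. Helper names are assumptions
of this example; the transcript values are those of RFC 5802 section 5.
"""
import base64
import hashlib
import hmac


def b64e(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hi() from RFC 5802 section 2.2: PBKDF2-HMAC-SHA-1, dkLen = 20."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, 20)


def h(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_verifier(password: str, salt: bytes, iterations: int) -> dict:
    """What the server stores (RFC 5802 section 3): salt, count, StoredKey, ServerKey.

    Password normalisation (SASLprep) is a no-op for the ASCII test vector, so it
    is omitted here. A stolen record forces PBKDF2 work per guess, and StoredKey
    alone does not let a thief impersonate the client: the client must reveal
    ClientKey through a valid proof, and only H(ClientKey) is stored.
    """
    salted = hi(password.encode("utf-8"), salt, iterations)
    client_key = hmac_sha1(salted, b"Client Key")
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": h(client_key),
        "server_key": hmac_sha1(salted, b"Server Key"),
    }


def run_exchange(username: str, password: str, cnonce: str, snonce: str,
                 salt: bytes, iterations: int, client_password: str = None) -> dict:
    """Run the four SCRAM messages; client_password lets you simulate a wrong guess."""
    verifier = make_verifier(password, salt, iterations)      # server-side record
    gs2_header = "n,,"                                       # "n": no channel binding
    client_bare = f"n={username},r={cnonce}"
    msgs = {"client_first": gs2_header + client_bare}

    combined = cnonce + snonce                               # server appends its nonce
    server_first = f"r={combined},s={b64e(salt)},i={iterations}"
    msgs["server_first"] = server_first

    # Client: derive keys from its own password, sign AuthMessage, mask with ClientKey.
    without_proof = f"c={b64e(gs2_header.encode())},r={combined}"
    auth_message = f"{client_bare},{server_first},{without_proof}".encode("utf-8")
    salted = hi((client_password or password).encode("utf-8"), salt, iterations)
    client_key = hmac_sha1(salted, b"Client Key")
    proof = xor(client_key, hmac_sha1(h(client_key), auth_message))
    msgs["client_final"] = f"{without_proof},p={b64e(proof)}"

    # Server: unmask ClientKey using StoredKey, then check H(ClientKey) == StoredKey.
    recovered = xor(proof, hmac_sha1(verifier["stored_key"], auth_message))
    if not hmac.compare_digest(h(recovered), verifier["stored_key"]):
        msgs["server_final"] = None                          # authentication failed
        return msgs
    server_sig = hmac_sha1(verifier["server_key"], auth_message)
    msgs["server_final"] = f"v={b64e(server_sig)}"

    # Client: mutual authentication, the server must prove it holds ServerKey.
    expected = hmac_sha1(hmac_sha1(salted, b"Server Key"), auth_message)
    msgs["server_authenticated"] = hmac.compare_digest(server_sig, expected)
    return msgs


# Test vector from RFC 5802 section 5.
RFC5802_SALT = base64.b64decode("QSXCR+Q6sek8bf92")


def rfc5802_example(client_password: str = "pencil") -> dict:
    return run_exchange("user", "pencil", "fyko+d2lbbFgONRv9qkxdawL",
                        "3rfcNHYJY1ZVvWVs7j", RFC5802_SALT, 4096, client_password)


if __name__ == "__main__":
    for who, msg in rfc5802_example().items():
        print(f"{who}: {msg}")
```

The transcript produced by `rfc5802_example()` matches the four messages printed in RFC 5802 section 5; calling it with a wrong `client_password` makes the server return no `v=` message, and the `c=biws` attribute is just base64 of the `n,,` header, which is where real channel-binding data would go.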