Re: [secdir] [Isms] secdir review ofdraft-ietf-isms-transport-security-model-12

Jeffrey Hutzelman <jhutz@cmu.edu> Tue, 05 May 2009 19:09 UTC

Date: Tue, 05 May 2009 15:10:17 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: David B Harrington <dbharrington@comcast.net>, 'Barry Leiba' <barryleiba@computer.org>, secdir@ietf.org, iesg@ietf.org
Message-ID: <0FBA56D16F71437450BC2779@minbar.fac.cs.cmu.edu>
In-Reply-To: <200905051750.n45HorPw023985@mx02.srv.cs.cmu.edu>
References: <6c9fcc2a0905021333j3dd58821v4726af092e30c1c1@mail.gmail.com> <200905051750.n45HorPw023985@mx02.srv.cs.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: draft-ietf-isms-transport-security-model@tools.ietf.org, isms@ietf.org, isms-chairs@tools.ietf.org
Subject: Re: [secdir] [Isms] secdir review ofdraft-ietf-isms-transport-security-model-12
Precedence: list

--On Tuesday, May 05, 2009 01:50:46 PM -0400 David B Harrington 
<dbharrington@comcast.net> wrote:

> That is a deployment decision made by an administrator who has an
> understanding of what is appropriate to the system in question. MUST
> is for implementers and SHOULD is for deployers.

Nononono.  When we say "MUST is for implementors", we mean that our 
specifications give requirements for implementations which claim to comply; 
RFC2119 requirements language is generally inappropriate for deployment 
advice.

It is appropriate to say TSM MUST be use with a TM that provides 
appropriate security; that is equivalent to saying that implementations 
MUST NOT use TSM together with an inappropriate TM, such as UDP.

That said, selection of transport and security models generally is an 
operational decision.  TSM itself is really architectural glue to allow us 
to push some of the security infrastructure down into a transport below 
SNMP, such as SSH or TLS.  You'd never say "I want to use TSM, now which 
transport should I use"; you'd say "I want to use SSH -- oh, for that to 
work, I have to use it with TSM".

-- Jeff

[secdir] secdir review of draft-ietf-isms-transpo… Barry Leiba
Re: [secdir] secdir review ofdraft-ietf-isms-tran… David B Harrington
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Barry Leiba
Re: [secdir] [Isms] secdirreview ofdraft-ietf-ism… Randy Presuhn
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Glen Zorn
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Juergen Schoenwaelder
Re: [secdir] [Isms] secdir review of draft-ietf-i… David B. Nelson
Re: [secdir] [Isms] secdir review of draft-ietf-i… Sam Hartman
Re: [secdir] [Isms] secdir review of draft-ietf-i… Barry Leiba
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Barry Leiba
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Juergen Schoenwaelder
Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… David Harrington
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… tom.petch