Re: [secdir] [Isms] secdir review ofdraft-ietf-isms-transport-security-model-12

"David B Harrington" <dbharrington@comcast.net> Tue, 05 May 2009 19:27 UTC

From: David B Harrington <dbharrington@comcast.net>
To: 'Jeffrey Hutzelman' <jhutz@cmu.edu>, 'Barry Leiba' <barryleiba@computer.org>, secdir@ietf.org, iesg@ietf.org
References: <6c9fcc2a0905021333j3dd58821v4726af092e30c1c1@mail.gmail.com> <200905051750.n45HorPw023985@mx02.srv.cs.cmu.edu> <0FBA56D16F71437450BC2779@minbar.fac.cs.cmu.edu>
Date: Tue, 05 May 2009 15:28:34 -0400
Message-ID: <06a701c9cdb7$aed00f30$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Thread-Index: AcnNtSYsrMOk66M4RPGOpg+msofHJgAAhTKA
In-Reply-To: <0FBA56D16F71437450BC2779@minbar.fac.cs.cmu.edu>
Cc: draft-ietf-isms-transport-security-model@tools.ietf.org, isms@ietf.org, isms-chairs@tools.ietf.org
Subject: Re: [secdir] [Isms] secdir review ofdraft-ietf-isms-transport-security-model-12
Precedence: list

OK, I'll change my answer. 

That is a deployment decision made by an administrator who has an
understanding of what is appropriate to the system in question.

What is the correct non-RFC2119 phrase in which to couch our
deployment advice?

dbh

> -----Original Message-----
> From: Jeffrey Hutzelman [mailto:jhutz@cmu.edu] 
> Sent: Tuesday, May 05, 2009 3:10 PM
> To: David B Harrington; 'Barry Leiba'; secdir@ietf.org;
iesg@ietf.org
> Cc: draft-ietf-isms-transport-security-model@tools.ietf.org; 
> isms@ietf.org; isms-chairs@tools.ietf.org; jhutz@cmu.edu
> Subject: Re: [Isms] [secdir] secdir review 
> ofdraft-ietf-isms-transport-security-model-12
> 
> --On Tuesday, May 05, 2009 01:50:46 PM -0400 David B Harrington 
> <dbharrington@comcast.net> wrote:
> 
> > That is a deployment decision made by an administrator who has an
> > understanding of what is appropriate to the system in question.
MUST
> > is for implementers and SHOULD is for deployers.
> 
> Nononono.  When we say "MUST is for implementors", we mean that our 
> specifications give requirements for implementations which 
> claim to comply; 
> RFC2119 requirements language is generally inappropriate for 
> deployment 
> advice.
> 
> It is appropriate to say TSM MUST be use with a TM that provides 
> appropriate security; that is equivalent to saying that 
> implementations 
> MUST NOT use TSM together with an inappropriate TM, such as UDP.
> 
> 
> That said, selection of transport and security models generally is
an 
> operational decision.  TSM itself is really architectural 
> glue to allow us 
> to push some of the security infrastructure down into a 
> transport below 
> SNMP, such as SSH or TLS.  You'd never say "I want to use 
> TSM, now which 
> transport should I use"; you'd say "I want to use SSH -- oh, 
> for that to 
> work, I have to use it with TSM".
> 
> 
> -- Jeff
>

[secdir] secdir review of draft-ietf-isms-transpo… Barry Leiba
Re: [secdir] secdir review ofdraft-ietf-isms-tran… David B Harrington
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Barry Leiba
Re: [secdir] [Isms] secdirreview ofdraft-ietf-ism… Randy Presuhn
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Glen Zorn
Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Juergen Schoenwaelder
Re: [secdir] [Isms] secdir review of draft-ietf-i… David B. Nelson
Re: [secdir] [Isms] secdir review of draft-ietf-i… Sam Hartman
Re: [secdir] [Isms] secdir review of draft-ietf-i… Barry Leiba
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Barry Leiba
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Juergen Schoenwaelder
Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… David Harrington
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… tom.petch