Re: [secdir] secdir review of draft-ietf-decade-problem-statement-05

David Harrington <ietfdbh@comcast.net> Thu, 22 March 2012 12:56 UTC

Date: Thu, 22 Mar 2012 08:56:21 -0400
From: David Harrington <ietfdbh@comcast.net>
To: Songhaibin <haibin.song@huawei.com>, Leif Johansson <leifj@sunet.se>

Hi,

I think the problem is "security issues are part of the problem", not just
part of the solution.

The threats associated with in-network storage should be identified as
part of the problem.
The need to mitigate the threats is part of the requirements.
How to mitigate those threats is part of the solution.

--
David Harrington
Director, Transport Area
Internet Engineering Task Force (IETF)
Ietfdbh@comcast.net
+1-603-828-1401
On 3/22/12 7:40 AM, "Songhaibin" <haibin.song@huawei.com> wrote:

>Hi Leif,
>
>I do not say your suggestion is wrong. Instead, I think your comment is
>very reasonable. I am saying this is the problem statement draft; I admit we
>are going to dig a little deeper into the potential threats in our
>context (without an architecture as the basis), but these threats are not
>going to be solved here; they will be considered when designing the
>architecture document.
>
>BR,
>-Haibin
>
>> -----Original Message-----
>> From: Leif Johansson [mailto:leifj@sunet.se]
>> Sent: Thursday, March 22, 2012 6:37 PM
>> To: Songhaibin
>> Cc: draft-ietf-decade-problem-statement.all@tools.ietf.org; iesg@ietf.org;
>> secdir@ietf.org
>> Subject: Re: secdir review of draft-ietf-decade-problem-statement-05
>> 
>> On 03/22/2012 08:44 AM, Songhaibin wrote:
>> > Thank you Leif,
>> >
>> >> My main problem with the draft is that the Security
>> >> Considerations Section is weak. I would have liked a more
>> >> in-depth analysis of the enumerated threats in the context of
>> >> DECADE. For instance, the privacy aspects of using in-network
>> >> storage for P2P networks are only covered briefly as part of a
>> >> discussion on traffic analysis.
>> >
>> > Because many of the security threats are not very special compared
>> > to other client-server interactions, we did not give much
>> > analysis there, but only quoted the potential threats here. But we
>> > will try to think a little more deeply.
>> >
>> 
>> I think that's where we disagree. My argument is that since some of
>> the architecture is invalidated by common solutions to the usual
>> threat vectors (e.g. e2e encryption).
>> 
>> Cheers, Leif