Re: [secdir] Discussion from the Security Directorate

Fred Baker <fred@cisco.com> Thu, 30 July 2009 11:56 UTC

From: Fred Baker <fred@cisco.com>
To: Tina <tina@huawei.com>
Date: Thu, 30 Jul 2009 13:56:50 +0200
Cc: 6man Chairs <6man-chairs@tools.ietf.org>, Joel Jaeggli <joelja@bogus.com>, 6man-ads@tools.ietf.org, secdir@ietf.org, behave-ads@tools.ietf.org, Behave Chairs <behave-chairs@tools.ietf.org>, Kurt Erik Lindqvist <kurtis@kurtis.pp.se>, Joe Abley <jabley@ca.afilias.info>, Softwire Chairs <softwire-chairs@tools.ietf.org>, v6ops-ads@tools.ietf.org, softwire-ads@tools.ietf.org
Subject: Re: [secdir] Discussion from the Security Directorate

Who is "we"?

I would suggest that you make your request to the chairs of the  
various working groups doing the work. These include 6man (designated  
custodian of all things IPv6 and therefore of RFCs 3053, 3056, 4213,  
and 5214), behave (translation), and softwire (tunnels).

On Jul 29, 2009, at 8:45 PM, Tina wrote:

> Hi again:)
> Some clarifications for the slides.
>
> a. security assessment, to evaluate the security of a transition  
> technology. What aspects do we need to judge and consider?
> b. function recommendation, to reduce the security threat of some
> kind of transition technology. When deploying this technology, what
> functionalities should the device need to have?
>
>
> B. R.
> Tina
> http://tinatsou.weebly.com/contact.html
>
>
>
> On Jul 29, 2009, at 5:23 PM, Tina wrote:
>
>> Hi Fred and David,
>> The slides were sent to OPS ADs, and we discussed it a bit in
>> OPS-DIR work lunch on Monday. According to the suggestion from Dan, I
>> forwarded the slides to the WG chairs of v6ops and opsec.
>>
>> Then Fred forwarded to SEC-DIR.
>>
>> I mentioned Fred's email during SEC-DIR work lunch on Tuesday.  
>> There was discussion.
>>
>> I went to Tuesday v6ops session before my slides were taken. Then I  
>> left for some personal emergency reasons. Therefore I was not able  
>> to present the slides. But Fred did it.
>>
>> The slides will be presented in OPS Area Opening meeting in the  
>> Large Stage between 15:10 to 16:10.
>>
>>
>> B. R.
>> Tina
>> http://tinatsou.weebly.com/contact.html
>>
>>
>> On Jul 29, 2009, at 5:04 PM, Fred Baker wrote:
>>
>>> It was presented to the ops directorate as "from the security  
>>> directorate" on Monday, and shipped off to my working group.
>>>
>>> OK, Tina, over to you...
>>>
>>> On Jul 29, 2009, at 11:30 AM, David Harrington wrote:
>>>
>>>> Hi,
>>>>
>>>> I have a question.
>>>> I am a member of the Security Directorate, and I do not remember any
>>>> discussion leading to this powerpoint presentation or request. I may
>>>> have missed a SECDIR session. I didn't find discussion of this
>>>> powerpoint presentation in the secdir archives prior to this week.
>>>>
>>>> Is this a "Discussion from the Security Directorate"? If so, when was
>>>> this discussed? Has the SECDIR reviewed this powerpoint slide deck and
>>>> approved it being sent to working groups?
>>>>
>>>> David Harrington
>>>> dbharrington@comcast.net
>>>> ietfdbh@comcast.net
>>>> dharrington@huawei.com
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: secdir-bounces@ietf.org
>>>>> [mailto:secdir-bounces@ietf.org] On Behalf Of Fred Baker
>>>>> Sent: Tuesday, July 28, 2009 10:49 PM
>>>>> To: Joel Jaeggli
>>>>> Cc: 6man Chairs; 6man-ads@tools.ietf.org; secdir@ietf.org;
>>>>> Kurt Erik Lindqvist; Joe Abley; Softwire Chairs;
>>>>> v6ops-ads@tools.ietf.org; softwire-ads@tools.ietf.org; Tina
>>>>> TSOU; behave-ads@tools.ietf.org; Behave Chairs
>>>>> Subject: Re: [secdir] Discussion from the Security Directorate
>>>>>
>>>>> I'm not arguing against the request. I'm asking what it is
>>>>> requesting, as I have no idea...
>>>>>
>>>>> I think I know what a threat analysis is.
>>>>>
>>>>> What is a "security assessment" apart from a "threat assessment"? I
>>>>> told v6ops (which does not develop transition technologies, by
>>>>> charter, and therefore is the absolute wrong place to send this) that
>>>>> I thought it might mean an assessment of how we might mitigate the
>>>>> threats. Absent any answers from the Security Directorate responsive
>>>>> to the question, I have no idea whether I was correct.
>>>>>
>>>>> And what on God's Green Earth is a "function recommendation"? I have
>>>>> no idea what you want.
>>>>>
>>>>> Nobody from the Security Directorate was there today to deliver the
>>>>> message. If I were developing a threat assessment of that
>>>>> protocol... let's see: delivered to the wrong WG by someone who didn't
>>>>> know what the message was supposed to be using slides he didn't
>>>>> understand and the security directorate didn't take the time to
>>>>> explain...
>>>>>
>>>>> On Jul 27, 2009, at 2:08 PM, Joel Jaeggli wrote:
>>>>>
>>>>>> I'd probably tune the slides a bit still:
>>>>>>
>>>>>> 	Security problems show up in deployment and use, these cannot be
>>>>>> 	thought out at all when designing the protocols
>>>>>>
>>>>>> Is an assertion you'll get pushback on. we have significant
>>>>>> operational experience with variations on many of the proposed or
>>>>>> deployed transition mechanisms. necessarily that experience informs
>>>>>> both our current thinking and the desirability of any particular
>>>>>> approach.
>>>>>>
>>>>>> bump in the wire type transition technologies certainly are an area
>>>>>> potential concern for opsec
>>>>>>
>>>>>> Fred Baker wrote:
>>>>>>> Thanks, Tina. I will add this to the IPv6 Operations agenda,
>>>>>>> probably during our second session Tuesday.
>>>>>>>
>>>>>>> You will note that I am copying the chairs and ADs from several
>>>>>>> working groups. The reason is that the primary thrust of the
>>>>>>> comments you are making apply to work being done in those working
>>>>>>> groups. Slide 5 specifically requests a threat analysis, security
>>>>>>> assessment, and "function recommendation" on each transition
>>>>>>> technology; these are in fact being done in behave and softwires. I
>>>>>>> mention 6man because marketing blather from the IPv6 Forum makes
>>>>>>> security claims for IPv6, which it would be good if that working
>>>>>>> group clarified.
>>>>>>>
>>>>>>> I do have to ask specifically what the Security Directorate hopes to
>>>>>>> find in the three documents that have been requested for each of
>>>>>>> these various technologies. What, specifically, is a "function
>>>>>>> recommendation"? A threat analysis is a statement that there exist a
>>>>>>> set of possible threats. Is a security assessment a statement about
>>>>>>> how those threats are responded to? What, if the WGs don't produce
>>>>>>> it, is going to leave the Security Directorate feeling ill-used?
>>>>>>>
>>>>>>> On Jul 27, 2009, at 12:56 PM, Tina TSOU wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> B. R.
>>>>>>>> http://tinatsou.weebly.com/contact.html
>>>>>>>
>>>>>>>> Begin forwarded message:
>>>>>>>>
>>>>>>>>> From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
>>>>>>>>> Date: July 27, 2009 7:52:20 AM GMT+02:00
>>>>>>>>> To: Ron Bonica <rbonica@juniper.net>
>>>>>>>>> Cc: Tina TSOU <tena@huawei.com>
>>>>>>>>> Subject: FW: [OPS-DIR] Reminder: OPS-DIR working lunch
>>>>>>>>>
>>>>>>>>> Ron,
>>>>>>>>>
>>>>>>>>> This looks more like an opsec (who are not meeting this time) or
>>>>>>>>> v6ops subject.
>>>>>>>>>
>>>>>>>>> Dan
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Tina TSOU [mailto:tena@huawei.com]
>>>>>>>>> Sent: Monday, July 27, 2009 12:02 AM
>>>>>>>>> To: Romascanu, Dan (Dan)
>>>>>>>>> Subject: Re: [OPS-DIR] Reminder: OPS-DIR working lunch
>>>>>>>>>
>>>>>>>>> Hi Dan,
>>>>>>>>> Could this be discussed at OPS-DIR working lunch?
>>>>>>>> <Recommendation of IPv6 Security work--on the flight-2.ppt>
>>>>>>>> <ATT4180184.txt>
>>>>>>>>