[secdir] draft-ietf-decade-survey-04
Phillip Hallam-Baker <hallam@gmail.com> Wed, 13 July 2011 20:21 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63F5C11E80C3; Wed, 13 Jul 2011 13:21:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.514
X-Spam-Level:
X-Spam-Status: No, score=-3.514 tagged_above=-999 required=5 tests=[AWL=0.084, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H7hrKB4lZ-Pp; Wed, 13 Jul 2011 13:21:49 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id B6D7811E80E4; Wed, 13 Jul 2011 13:21:48 -0700 (PDT)
Received: by gyd5 with SMTP id 5so3029151gyd.31 for <multiple recipients>; Wed, 13 Jul 2011 13:21:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=TfJHlL6/slPIOT7x5LBLNXRJa8DLNMbbwSO5g+Dti2g=; b=MsgwNClRplfE7tpjvcgtWVTrkNBSr4W4ljZetQ+yp/BzhF7YnVgJRkoCNqWAKuo/6V AoPXDfVnxyqtcP/WNUjhQGbJJ2Jh3Cf8ImV2m26sdLtpb1ys7VWzsrTn0wJji/cVHGsI kS3N76u6Hdu81YaBRGcwWPAESSC06wSepILk8=
MIME-Version: 1.0
Received: by 10.101.179.7 with SMTP id g7mr1496690anp.102.1310588507510; Wed, 13 Jul 2011 13:21:47 -0700 (PDT)
Received: by 10.100.93.12 with HTTP; Wed, 13 Jul 2011 13:21:47 -0700 (PDT)
Date: Wed, 13 Jul 2011 16:21:47 -0400
Message-ID: <CAMm+LwgZCrrJTty2P_12VKFJCC5RAwPX1fEwF2oY_n+2Wpu4WQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: iesg@ietf.org, secdir@ietf.org, ralimi@google.com, Akbar.Rahman@InterDigital.com, yry@cs.yale.edu
Content-Type: multipart/alternative; boundary="001636c926646fd7d204a7f92ad7"
Subject: [secdir] draft-ietf-decade-survey-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jul 2011 20:21:53 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. SECURITY This is a survey of existing systems and as such does not require a security considerations as there is nothing to build. However, the draft does analyze the security of the existing schemes and as such seems to be looking at this from the point of view of how the systems implement existing security schemes appropriate for file stores. I don't think this is sufficient or particularly useful. I can see outsourced storage being used in various ways: 1) As a filestore replacement 2) As an emergency backup. 3) As a latency reducer Lets leave 3 to one side for a moment. Support for ACLs and such is only really relevant for 1. Local storage is cheap though and my main interest is actually 2 more than 1. A system with no security is fine with me as I can layer whatever security I need on with cryptography. The security problem as I see it then is to do with how the customer and outsourcer interact and issues of the form Customer: Those aren't my bits you gave me! Outsourcer: Oh yes they are! Lawyer1: Prove it! Lawyer 2: Prove it! See where this is headed? Case 3 has an even more tenuous connection between the provider, consumer and storage provider. Do we even have a commitment to support storage of anyone's bits? What are the liabilities if corruption ensues? -- Website: http://hallambaker.com/
- [secdir] draft-ietf-decade-survey-04 Phillip Hallam-Baker