Re: [secdir] [Isms] secdir reviewofdraft-ietf-isms-transport-security-model-12
Barry Leiba <barryleiba@computer.org> Fri, 08 May 2009 18:03 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 75CDB3A6A6A; Fri, 8 May 2009 11:03:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.134
X-Spam-Level:
X-Spam-Status: No, score=-2.134 tagged_above=-999 required=5 tests=[AWL=-0.157, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oh7Vs5CytDTP; Fri, 8 May 2009 11:03:49 -0700 (PDT)
Received: from mail-ew0-f176.google.com (mail-ew0-f176.google.com [209.85.219.176]) by core3.amsl.com (Postfix) with ESMTP id 1BACA3A68EE; Fri, 8 May 2009 11:03:48 -0700 (PDT)
Received: by ewy24 with SMTP id 24so2003758ewy.37 for <multiple recipients>; Fri, 08 May 2009 11:05:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type:content-transfer-encoding; bh=Xxbp2g/pWwo7wsfjK8ouyVG14qFJJN2OPWa/Cf9cPF4=; b=NaZGuz7Lfy6PIhb6XXhqFOUxKiPSjILsG2wIPMGm3SOI3e1l479V+wP2juGsDVjjO1 uVIGYnrIAG3rN4OeOBzelTQbOZyrJm4GSndz6c0YdgJW6Yz79aaFoBWpRz2MINLLQEIC mXhc3i1D0v0U2rBotIxLv98Dylyr3jTAY3ZQ4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=aCDzAUR8J3hlq8jZ3Ncr467cgTwOt9My7E5c9dTl12N+AJEVrvyicLHlg2mYtAnJ8V e+flK2bF2fO3F/cZ0c40YpZUwK+/FtRy3ZsWpWuVdJLxXCpcsKgH+11f7Px8KajLBiUL 2QyFHmRBdS5ucBkez5wanSNSbzz2XdCV784tg=
MIME-Version: 1.0
Sender: barryleiba@gmail.com
Received: by 10.210.17.2 with SMTP id 2mr2065031ebq.35.1241805915886; Fri, 08 May 2009 11:05:15 -0700 (PDT)
In-Reply-To: <007f01c9cffe$0aa68da0$0601a8c0@allison>
References: <6c9fcc2a0905021333j3dd58821v4726af092e30c1c1@mail.gmail.com> <200905051750.n45HorPw023985@mx02.srv.cs.cmu.edu> <0FBA56D16F71437450BC2779@minbar.fac.cs.cmu.edu> <06a701c9cdb7$aed00f30$0600a8c0@china.huawei.com> <9abf48a60905051303h1543f323u1a8e3679445384f6@mail.gmail.com> <007f01c9cffe$0aa68da0$0601a8c0@allison>
Date: Fri, 08 May 2009 14:05:15 -0400
X-Google-Sender-Auth: cb874c641c4d5cc1
Message-ID: <9abf48a60905081105t49201217o591687187c12dd84@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: "tom.petch" <cfinss@dial.pipex.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: isms@ietf.org, secdir@ietf.org
Subject: Re: [secdir] [Isms] secdir reviewofdraft-ietf-isms-transport-security-model-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2009 18:03:50 -0000
(Top post only...) I get what you're saying, Tom, but I'm not sure where it's going. Are you saying that the text should be changed to allow *less* flexibility? That may be right, but then what text do you suggest instead? Barry >> > That is a deployment decision made by an administrator who has an >> > understanding of what is appropriate to the system in question. >> > >> > What is the correct non-RFC2119 phrase in which to couch our >> > deployment advice? >> >> Well, this would make me happy; would it work for you (and others)?: >> >> OLD: >> by the RFC 3411 architecture. However, the Transport Security Model >> does not provide security mechanisms such as authentication and >> encryption itself, so it SHOULD always be used with a Transport Model >> that provides appropriate security. Which threats are addressed and >> how they are mitigated depends on the Transport Model. >> >> NEW: >> by the RFC 3411 architecture. However, the Transport Security Model >> does not provide security mechanisms such as authentication and >> encryption itself, so it MUST always be used with a Transport Model >> that provides appropriate security. What is "appropriate" for a particular >> deployment is an administrative decision. Which threats are addressed >> and how they are mitigated depends on the Transport Model. > > I have reservations about this, about the optimism that it may generate in > readers. > > The idea of Models in SNMP is to be able to mix and match. In practice, this > has not worked - USM with sshTM will not function, regardless of whether it is > secure or not. Do not underestimate the labour it has taken to get TSM working > with sshTM. > > If we have got TSM right, then it will work with eg TLSTM or DTLSTM, an idea > that is being mooted now. But it may not. In a similar vein, I am mindful that > ssh just hit problems with AES-GCM, that the architecture of ssh does not allow > for this new cryptography or that the discussions leading to TLS 1.2 of how to > introduce (or not) algorithm agility, just as SNMP has problems (and has given > up) trying to use USM with sshTM. > > Thus TLS has session cache and resumption. Will that work with TSM? I do not > know - and as it has taken the last two years to come up with an agreed form of > words that allows just TSM to work with just sshTM, so I am not going > to try and work out the ramifications of TLSTM just yet:-( We may find we got > TSM wrong and that it needs changing. > > Or we may have another secure Transport Model that turns out to be insecure with > TSM and needs an xSM to make it secure. The proposed amendment seems to me > rather optimistic. > > Tom Petch
- [secdir] secdir review of draft-ietf-isms-transpo… Barry Leiba
- Re: [secdir] secdir review ofdraft-ietf-isms-tran… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Barry Leiba
- Re: [secdir] [Isms] secdirreview ofdraft-ietf-ism… Randy Presuhn
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Glen Zorn
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Juergen Schoenwaelder
- Re: [secdir] [Isms] secdir review of draft-ietf-i… David B. Nelson
- Re: [secdir] [Isms] secdir review of draft-ietf-i… Sam Hartman
- Re: [secdir] [Isms] secdir review of draft-ietf-i… Barry Leiba
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Barry Leiba
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Juergen Schoenwaelder
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… David Harrington
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
- Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
- Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… tom.petch