IETF Logo Mail Archive

Re: [secdir] Discussion from the Security Directorate

Tina <tena@huawei.com> Wed, 29 July 2009 15:24 UTC

Return-Path: <tena@huawei.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B230B3A6823 for <secdir@core3.amsl.com>; Wed, 29 Jul 2009 08:24:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.411
X-Spam-Level:
X-Spam-Status: No, score=-0.411 tagged_above=-999 required=5 tests=[AWL=-0.516, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, J_CHICKENPOX_13=0.6, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vOPWH5tAkeZO for <secdir@core3.amsl.com>; Wed, 29 Jul 2009 08:24:36 -0700 (PDT)
Received: from szxga02-in.huawei.com (unknown [119.145.14.65]) by core3.amsl.com (Postfix) with ESMTP id 761A33A697F for <secdir@ietf.org>; Wed, 29 Jul 2009 08:24:13 -0700 (PDT)
Received: from huawei.com (szxga02-in [172.24.2.6]) by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KNJ00CXIUS4W9@szxga02-in.huawei.com> for secdir@ietf.org; Wed, 29 Jul 2009 23:24:04 +0800 (CST)
Received: from huawei.com ([172.24.1.6]) by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KNJ009IWUS4OM@szxga02-in.huawei.com> for secdir@ietf.org; Wed, 29 Jul 2009 23:24:04 +0800 (CST)
Received: from dhcp-1313.meeting.ietf.org (dhcp-1313.meeting.ietf.org [130.129.19.19]) by szxml02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0KNJ00HB6URVBZ@szxml02-in.huawei.com>; Wed, 29 Jul 2009 23:24:04 +0800 (CST)
Date: Wed, 29 Jul 2009 17:23:53 +0200
From: Tina <tena@huawei.com>
In-reply-to: <4C4D74B8-10FA-458E-93E4-37EE48F9D386@cisco.com>
To: Fred Baker <fred@cisco.com>
Message-id: <50F560B9-787C-4B90-903B-28F27E67CF85@huawei.com>
MIME-version: 1.0
X-Mailer: Apple Mail (2.930.3)
Content-type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-transfer-encoding: 7bit
References: <EDC652A26FB23C4EB6384A4584434A04018CF83B@307622ANEX5.global.avaya.com> <B40EE4C2-93AE-45A3-89AA-8601BFC76346@huawei.com> <633E561F-48D1-42DE-A310-9E77DB0A87F1@cisco.com> <4A6D98AC.4060100@bogus.com> <5AECC74E-90A0-45DA-9D23-7DE64F3488CB@cisco.com> <04f701ca102f$3e6d2c90$7958404e@china.huawei.com> <4C4D74B8-10FA-458E-93E4-37EE48F9D386@cisco.com>
X-Mailman-Approved-At: Wed, 29 Jul 2009 08:26:22 -0700
Cc: 6man Chairs <6man-chairs@tools.ietf.org>, Joel Jaeggli <joelja@bogus.com>, 6man-ads@tools.ietf.org, secdir@ietf.org, behave-ads@tools.ietf.org, Kurt Erik Lindqvist <kurtis@kurtis.pp.se>, Joe Abley <jabley@ca.afilias.info>, Softwire Chairs <softwire-chairs@tools.ietf.org>, v6ops-ads@tools.ietf.org, softwire-ads@tools.ietf.org, Behave Chairs <behave-chairs@tools.ietf.org>
Subject: Re: [secdir] Discussion from the Security Directorate
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2009 15:24:37 -0000

Hi Fred and David,
The slides were sent to OPS ADs, and we discussed it a bit in OPS-DIR  
work lunch on Monday. According to the suggestion from Dan, I  
forwarded the slides to the WG chairs of v6ops and opsec.

Then Fred forwarded to SEC-DIR.

I mentioned Fred's email during SEC-DIR work lunch on Tuesday. There  
was discussion.

I went to Tuesday v6ops session before my slides were taken. Then I  
left for some personal emergency reasons. Therefore I was not able to  
present the slides. But Fred did it.

The slides will be presented in OPS Area Opening meeting in the Large  
Stage between 15:10 to 16:10.


B. R.
Tina
http://tinatsou.weebly.com/contact.html


On Jul 29, 2009, at 5:04 PM, Fred Baker wrote:

> It was presented to the ops directorate as "from the security  
> directorate" on Monday, and shipped off to my working group.
>
> OK, Tina, over to you...
>
> On Jul 29, 2009, at 11:30 AM, David Harrington wrote:
>
>> Hi,
>>
>> I have a question.
>> I am a member of the Security Directorate, and I do not remember any
>> discussion leading to this powerpoint presentation or request. I may
>> have missed a SECDIR session. I didn't find discussion of this
>> powerpoint presentation in the secdir archives prior to this week.
>>
>> Is this a "Discussion from the Security Directorate"? If so, when was
>> this discussed? Has the SECDIR reviewed this powerpoint slide deck  
>> and
>> approved it being sent to working groups?
>>
>> David Harrington
>> dbharrington@comcast.net
>> ietfdbh@comcast.net
>> dharrington@huawei.com
>>
>>
>>> -----Original Message-----
>>> From: secdir-bounces@ietf.org
>>> [mailto:secdir-bounces@ietf.org] On Behalf Of Fred Baker
>>> Sent: Tuesday, July 28, 2009 10:49 PM
>>> To: Joel Jaeggli
>>> Cc: 6man Chairs; 6man-ads@tools.ietf.org; secdir@ietf.org;
>>> Kurt Erik Lindqvist; Joe Abley; Softwire Chairs;
>>> v6ops-ads@tools.ietf.org; softwire-ads@tools.ietf.org; Tina
>>> TSOU; behave-ads@tools.ietf.org; Behave Chairs
>>> Subject: Re: [secdir] Discussion from the Security Directorate
>>>
>>> I'm not arguing against the request. I'm asking what it is
>>> requesting,
>>> as I have no idea...
>>>
>>> I think I know what a threat analysis is.
>>>
>>> What is a "security assessment" apart from a "threat assessment"? I
>>
>>> told v6ops (which does not develop transition technologies, by
>>> charter, and therefore is the absolute wrong place to send
>>> this) that
>>> I thought it might mean an assessment of how we might mitigate the
>>> threats. Absent any answers from the Security Directorate responsive
>>
>>> to the question, I have no idea whether I was correct.
>>>
>>> And what on God's Green Earth is a "function recommendation"? I have
>>
>>> no idea what you want.
>>>
>>> Nobody from the Security Directorate was there today to deliver the
>>
>>> message. If I were developing a threat assessment of that
>>> protocol...
>>> let's see: delivered to the wrong WG by someone who didn't know what
>>
>>> the message was supposed to be using slides he didn't understand and
>>
>>> the security directorate didn't take the time to explain...
>>>
>>> On Jul 27, 2009, at 2:08 PM, Joel Jaeggli wrote:
>>>
>>>> I'd probably tune the slides a bit still:
>>>>
>>>> 	Security problems show up in deployment and use, these cannot
>> be
>>>> 	thought out at all when designing the protocols
>>>>
>>>> Is an assertion you'll get pushback on. we have signficant
>>> operational
>>>> experience with variations on many of the proposed or deployed
>>>> transition mechanisms. necessarily that experience informs both
>> our
>>>> current thinking and the desirability of any particular approach.
>>>>
>>>> bump in the wire type transition technologies certainly are an
>> area
>>>> potential concern for opsec
>>>>
>>>> Fred Baker wrote:
>>>>> Thanks, Tina. I will add this to the IPv6 Operations
>>> agenda, probably
>>>>> during our second session Tuesday.
>>>>>
>>>>> You will note that I am copying the chairs and ADs from several
>>>>> working
>>>>> groups. The reason is that the primary thrust of the
>>> comments you are
>>>>> making apply to work being done in those working groups. Slide 5
>>>>> specifically requests a threat analysis, security assessment, and
>>>>> "function recommendation" on each transition technology;
>>> these are in
>>>>> fact being done in behave and softwires. I mention 6man because
>>>>> marketing blather from the IPv6 form makes security claims
>>> for IPv6,
>>>>> which it would be good if that working group clarified.
>>>>>
>>>>> I do have to ask specifically what the Security
>>> Directorate hopes to
>>>>> find in the three documents that have been requested for each of
>>
>>>>> these
>>>>> various technologies. What, specifically, is a "function
>>>>> recommendation"? A threat analysis is a statement that
>>> there exist
>>>>> a set
>>>>> of possible threats. Is a security assessment a statement about
>> how
>>>>> those threats are responded to? What, if the WGs don't
>>> produce it, is
>>>>> going to leave the Security Directorate feeling ill-used?
>>>>>
>>>>> On Jul 27, 2009, at 12:56 PM, Tina TSOU wrote:
>>>>>
>>>>>>
>>>>>> B. R.
>>>>>> ">http://tinatsou.weebly.com/contact.html
>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>>> From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
>>>>>>> Date: July 27, 2009 7:52:20 AM GMT+02:00
>>>>>>> To: Ron Bonica <rbonica@juniper.net>
>>>>>>> Cc: Tina TSOU <tena@huawei.com>
>>>>>>> Subject: FW: [OPS-DIR] Reminder: OPS-DIR working lunch
>>>>>>>
>>>>>>> Ron,
>>>>>>>
>>>>>>> This looks more like an opsec (who are not meeting this
>>> time) or
>>>>>>> v6ops
>>>>>>> subject.
>>>>>>>
>>>>>>> Dan
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Tina TSOU [mailto:tena@huawei.com]
>>>>>>> Sent: Monday, July 27, 2009 12:02 AM
>>>>>>> To: Romascanu, Dan (Dan)
>>>>>>> Subject: Re: [OPS-DIR] Reminder: OPS-DIR working lunch
>>>>>>>
>>>>>>> Hi Dan,
>>>>>>> Could this be discussed at OPS-DIR working lunch?
>>>>>> <Recommendation of IPv6 Security work--on the flight-2.ppt>
>>>>>> <ATT4180184.txt>
>>>>>>
>>>
>>> _______________________________________________
>>> secdir mailing list
>>> secdir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/secdir
>>>
>>
>

v2.23.0 | Report a Bug | By Email