Re: [secdir] secdir review of draft-ietf-opsec-igp-crypto-requirements
Samuel Weiler <weiler@watson.org> Sun, 19 September 2010 14:29 UTC
Return-Path: <weiler@watson.org>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E62FE3A692F; Sun, 19 Sep 2010 07:29:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.957
X-Spam-Level:
X-Spam-Status: No, score=-1.957 tagged_above=-999 required=5 tests=[AWL=0.642, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F8fRwXqKvBNy; Sun, 19 Sep 2010 07:29:02 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by core3.amsl.com (Postfix) with ESMTP id 0983C3A68BF; Sun, 19 Sep 2010 07:29:01 -0700 (PDT)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.4/8.14.4) with ESMTP id o8JETM6d064115; Sun, 19 Sep 2010 10:29:23 -0400 (EDT) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.4/8.14.4/Submit) with ESMTP id o8JETMmh064110; Sun, 19 Sep 2010 10:29:22 -0400 (EDT) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Sun, 19 Sep 2010 10:29:22 -0400
From: Samuel Weiler <weiler@watson.org>
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
In-Reply-To: <7C362EEF9C7896468B36C9B79200D8350CF3916707@INBANSXCHMBSA1.in.alcatel-lucent.com>
Message-ID: <alpine.BSF.2.00.1009191023430.57378@fledge.watson.org>
References: <alpine.BSF.2.00.1009151357390.4814@fledge.watson.org> <7C362EEF9C7896468B36C9B79200D8350CF3916707@INBANSXCHMBSA1.in.alcatel-lucent.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Sun, 19 Sep 2010 10:29:23 -0400 (EDT)
Cc: "draft-ietf-opsec-igp-crypto-requirements.all@tools.ietf.org" <draft-ietf-opsec-igp-crypto-requirements.all@tools.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-opsec-igp-crypto-requirements
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Sep 2010 14:29:03 -0000
On Thu, 16 Sep 2010, Bhatia, Manav (Manav) wrote: >> In describing each routing protocol's authentication options, it >> would be helpful to say whether there's any in-band negotiation >> available. > > I am not sure I understand whats being meant by in-band negotiation > here? Many protocols negotiate which crypto algorithm (or even more generic security mechanism) to use. Those negotiations, if done poorly, can be subject to downgrade attacks. Given how common security negotiation is, it's worthwhile to point out whether or not each of these protocols do it or whether they depend entirely on static configuration of each endpoint. -- Sam
- [secdir] secdir review of draft-ietf-opsec-igp-cr… Samuel Weiler
- Re: [secdir] secdir review of draft-ietf-opsec-ig… Joel Jaeggli
- Re: [secdir] secdir review of draft-ietf-opsec-ig… Bhatia, Manav (Manav)
- Re: [secdir] secdir review of draft-ietf-opsec-ig… Samuel Weiler
- Re: [secdir] secdir review of draft-ietf-opsec-ig… Bhatia, Manav (Manav)