Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms-transport-security-model-12
"David Harrington" <ietfdbh@comcast.net> Fri, 08 May 2009 22:22 UTC
Return-Path: <ietfdbh@comcast.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AF0BD3A6CDC for <secdir@core3.amsl.com>; Fri, 8 May 2009 15:22:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.214
X-Spam-Level:
X-Spam-Status: No, score=-2.214 tagged_above=-999 required=5 tests=[AWL=-0.215, BAYES_00=-2.599, J_CHICKENPOX_35=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q8CLAUfHFKEE for <secdir@core3.amsl.com>; Fri, 8 May 2009 15:22:39 -0700 (PDT)
Received: from QMTA06.westchester.pa.mail.comcast.net (qmta06.westchester.pa.mail.comcast.net [76.96.62.56]) by core3.amsl.com (Postfix) with ESMTP id 4BF3F3A67FD for <secdir@ietf.org>; Fri, 8 May 2009 15:22:39 -0700 (PDT)
Received: from OMTA05.westchester.pa.mail.comcast.net ([76.96.62.43]) by QMTA06.westchester.pa.mail.comcast.net with comcast id p3UR1b00G0vyq2s56APuSG; Fri, 08 May 2009 22:23:54 +0000
Received: from Harrington73653 ([24.147.240.21]) by OMTA05.westchester.pa.mail.comcast.net with comcast id pAQ61b00A0UQ6dC3RAQ6Lt; Fri, 08 May 2009 22:24:06 +0000
From: David Harrington <ietfdbh@comcast.net>
To: "'tom.petch'" <cfinss@dial.pipex.com>, 'Barry Leiba' <barryleiba@computer.org>
References: <6c9fcc2a0905021333j3dd58821v4726af092e30c1c1@mail.gmail.com><200905051750.n45HorPw023985@mx02.srv.cs.cmu.edu><0FBA56D16F71437450BC2779@minbar.fac.cs.cmu.edu><06a701c9cdb7$aed00f30$0600a8c0@china.huawei.com><9abf48a60905051303h1543f323u1a8e3679445384f6@mail.gmail.com><007f01c9cffe$0aa68da0$0601a8c0@allison><9abf48a60905081105t49201217o591687187c12dd84@mail.gmail.com> <002801c9d01c$ab134bc0$0601a8c0@allison>
Date: Fri, 08 May 2009 18:24:05 -0400
Message-ID: <096c01c9d02b$b29db1a0$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcnQJUeTxtK0lG2NTU6SeHB0hlUu0QABPnpQ
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
In-Reply-To: <002801c9d01c$ab134bc0$0601a8c0@allison>
Cc: isms@ietf.org, secdir@ietf.org
Subject: Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms-transport-security-model-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2009 22:22:39 -0000
Hi, transport-security-model-14 says, in the discussion of threats,: " The Transport Security Model is compatible with the RFC3411 architecture, and provides protection against the threats identified by the RFC 3411 architecture. However, the Transport Security Model does not provide security mechanisms such as authentication and encryption itself. Which threats are addressed and how they are mitigated depends on the Transport Model used. To avoid creating potential security vulnerabilities, operators should configure their system so this Security Model is always used with a Transport Model that provides appropriate security, where "appropriate" for a particular deployment is an administrative decision." Whether SSHTM is appropriate in the network being managed is an administrative decision, so we do not cite it specifically at this point. and, under Coexistence with Transport Models, it says: " To have SNMP properly utilize the security services coordinated by the Transport Security Model, this Security Model MUST only be used with Transport Models that know how to process a tmStateReference, such as the Secure Shell Transport Model [I-D.ietf-isms-secshell]." David Harrington dbharrington@comcast.net ietfdbh@comcast.net dharrington@huawei.com > -----Original Message----- > From: isms-bounces@ietf.org [mailto:isms-bounces@ietf.org] On > Behalf Of tom.petch > Sent: Friday, May 08, 2009 4:36 PM > To: Barry Leiba > Cc: isms@ietf.org; secdir@ietf.org > Subject: Re: [Isms] [secdir] > secdirreviewofdraft-ietf-isms-transport-security-model-12 > > ----- Original Message ----- > From: "Barry Leiba" <barryleiba@computer.org> > To: "tom.petch" <cfinss@dial.pipex.com> > Cc: <isms@ietf.org>; <secdir@ietf.org> > Sent: Friday, May 08, 2009 8:05 PM > > (Top post only...) > I get what you're saying, Tom, but I'm not sure where it's going. Are > you saying that the text should be changed to allow *less* > flexibility? That may be right, but then what text do you suggest > instead? > > Barry > > I would like the idea of 'in conjunction with' to hint at the > co-dependence of > xSM and xTM eg > > "However, the Transport Security Model > does not by itself provide security mechanisms such as > authentication and > encryption, so it MUST always be used in conjunction with a > Transport Model that > together with it provides appropriate security" > > Tom Petch > > Barry > > >> > That is a deployment decision made by an administrator who has an > >> > understanding of what is appropriate to the system in question. > >> > > >> > What is the correct non-RFC2119 phrase in which to couch our > >> > deployment advice? > >> > >> Well, this would make me happy; would it work for you (and > others)?: > >> > >> OLD: > >> by the RFC 3411 architecture. However, the Transport Security Model > >> does not provide security mechanisms such as authentication and > >> encryption itself, so it SHOULD always be used with a > Transport Model > >> that provides appropriate security. Which threats are addressed and > >> how they are mitigated depends on the Transport Model. > >> > >> NEW: > >> by the RFC 3411 architecture. However, the Transport Security Model > >> does not provide security mechanisms such as authentication and > >> encryption itself, so it MUST always be used with a Transport Model > >> that provides appropriate security. What is "appropriate" > for a particular > >> deployment is an administrative decision. Which threats > are addressed > >> and how they are mitigated depends on the Transport Model. > > > > I have reservations about this, about the optimism that it > may generate in > > readers. > > > > The idea of Models in SNMP is to be able to mix and match. > In practice, this > > has not worked - USM with sshTM will not function, > regardless of whether it is > > secure or not. Do not underestimate the labour it has taken > to get TSM working > > with sshTM. > > > > If we have got TSM right, then it will work with eg TLSTM > or DTLSTM, an idea > > that is being mooted now. But it may not. In a similar > vein, I am mindful that > > ssh just hit problems with AES-GCM, that the architecture > of ssh does not > allow > > for this new cryptography or that the discussions leading > to TLS 1.2 of how to > > introduce (or not) algorithm agility, just as SNMP has > problems (and has given > > up) trying to use USM with sshTM. > > > > Thus TLS has session cache and resumption. Will that work > with TSM? I do not > > know - and as it has taken the last two years to come up > with an agreed form > of > > words that allows just TSM to work with just sshTM, so I am > not going > > to try and work out the ramifications of TLSTM just yet:-( > We may find we got > > TSM wrong and that it needs changing. > > > > Or we may have another secure Transport Model that turns > out to be insecure > with > > TSM and needs an xSM to make it secure. The proposed > amendment seems to me > > rather optimistic. > > > > Tom Petch > > _______________________________________________ > Isms mailing list > Isms@ietf.org > https://www.ietf.org/mailman/listinfo/isms >
- [secdir] secdir review of draft-ietf-isms-transpo… Barry Leiba
- Re: [secdir] secdir review ofdraft-ietf-isms-tran… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Barry Leiba
- Re: [secdir] [Isms] secdirreview ofdraft-ietf-ism… Randy Presuhn
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Glen Zorn
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Juergen Schoenwaelder
- Re: [secdir] [Isms] secdir review of draft-ietf-i… David B. Nelson
- Re: [secdir] [Isms] secdir review of draft-ietf-i… Sam Hartman
- Re: [secdir] [Isms] secdir review of draft-ietf-i… Barry Leiba
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Barry Leiba
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Juergen Schoenwaelder
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… David Harrington
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
- Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
- Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… tom.petch