Re: [secdir] Discussion from the Security Directorate
"David Harrington" <ietfdbh@comcast.net> Wed, 29 July 2009 09:30 UTC
Return-Path: <ietfdbh@comcast.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 949943A6F03 for <secdir@core3.amsl.com>; Wed, 29 Jul 2009 02:30:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m3IYiofWA-o9 for <secdir@core3.amsl.com>; Wed, 29 Jul 2009 02:30:47 -0700 (PDT)
Received: from QMTA13.emeryville.ca.mail.comcast.net (qmta13.emeryville.ca.mail.comcast.net [76.96.27.243]) by core3.amsl.com (Postfix) with ESMTP id 7875F3A6E8C for <secdir@ietf.org>; Wed, 29 Jul 2009 02:30:47 -0700 (PDT)
Received: from OMTA06.emeryville.ca.mail.comcast.net ([76.96.30.51]) by QMTA13.emeryville.ca.mail.comcast.net with comcast id MlWH1c00116AWCUADlWqdv; Wed, 29 Jul 2009 09:30:50 +0000
Received: from Harrington73653 ([130.129.18.98]) by OMTA06.emeryville.ca.mail.comcast.net with comcast id MlWC1c00226xVzW8SlWFXp; Wed, 29 Jul 2009 09:30:47 +0000
From: David Harrington <ietfdbh@comcast.net>
To: secdir@ietf.org
References: <EDC652A26FB23C4EB6384A4584434A04018CF83B@307622ANEX5.global.avaya.com><B40EE4C2-93AE-45A3-89AA-8601BFC76346@huawei.com><633E561F-48D1-42DE-A310-9E77DB0A87F1@cisco.com><4A6D98AC.4060100@bogus.com> <5AECC74E-90A0-45DA-9D23-7DE64F3488CB@cisco.com>
Date: Wed, 29 Jul 2009 11:30:07 +0200
Message-ID: <04f701ca102f$3e6d2c90$7958404e@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcoPxOmPdY3vZikXSGCbROfMvDRktAAZz99w
In-Reply-To: <5AECC74E-90A0-45DA-9D23-7DE64F3488CB@cisco.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Cc: '6man Chairs' <6man-chairs@tools.ietf.org>, 'Joel Jaeggli' <joelja@bogus.com>, 6man-ads@tools.ietf.org, 'Fred Baker' <fred@cisco.com>, 'Behave Chairs' <behave-chairs@tools.ietf.org>, 'Kurt Erik Lindqvist' <kurtis@kurtis.pp.se>, 'Joe Abley' <jabley@ca.afilias.info>, 'Softwire Chairs' <softwire-chairs@tools.ietf.org>, v6ops-ads@tools.ietf.org, softwire-ads@tools.ietf.org, behave-ads@tools.ietf.org, 'Tina TSOU' <tena@huawei.com>
Subject: Re: [secdir] Discussion from the Security Directorate
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2009 09:30:48 -0000
Hi, I have a question. I am a member of the Security Directorate, and I do not remember any discussion leading to this powerpoint presentation or request. I may have missed a SECDIR session. I didn't find discussion of this powerpoint presentation in the secdir archives prior to this week. Is this a "Discussion from the Security Directorate"? If so, when was this discussed? Has the SECDIR reviewed this powerpoint slide deck and approved it being sent to working groups? David Harrington dbharrington@comcast.net ietfdbh@comcast.net dharrington@huawei.com > -----Original Message----- > From: secdir-bounces@ietf.org > [mailto:secdir-bounces@ietf.org] On Behalf Of Fred Baker > Sent: Tuesday, July 28, 2009 10:49 PM > To: Joel Jaeggli > Cc: 6man Chairs; 6man-ads@tools.ietf.org; secdir@ietf.org; > Kurt Erik Lindqvist; Joe Abley; Softwire Chairs; > v6ops-ads@tools.ietf.org; softwire-ads@tools.ietf.org; Tina > TSOU; behave-ads@tools.ietf.org; Behave Chairs > Subject: Re: [secdir] Discussion from the Security Directorate > > I'm not arguing against the request. I'm asking what it is > requesting, > as I have no idea... > > I think I know what a threat analysis is. > > What is a "security assessment" apart from a "threat assessment"? I > told v6ops (which does not develop transition technologies, by > charter, and therefore is the absolute wrong place to send > this) that > I thought it might mean an assessment of how we might mitigate the > threats. Absent any answers from the Security Directorate responsive > to the question, I have no idea whether I was correct. > > And what on God's Green Earth is a "function recommendation"? I have > no idea what you want. > > Nobody from the Security Directorate was there today to deliver the > message. If I were developing a threat assessment of that > protocol... > let's see: delivered to the wrong WG by someone who didn't know what > the message was supposed to be using slides he didn't understand and > the security directorate didn't take the time to explain... > > On Jul 27, 2009, at 2:08 PM, Joel Jaeggli wrote: > > > I'd probably tune the slides a bit still: > > > > Security problems show up in deployment and use, these cannot be > > thought out at all when designing the protocols > > > > Is an assertion you'll get pushback on. we have signficant > operational > > experience with variations on many of the proposed or deployed > > transition mechanisms. necessarily that experience informs both our > > current thinking and the desirability of any particular approach. > > > > bump in the wire type transition technologies certainly are an area > > potential concern for opsec > > > > Fred Baker wrote: > >> Thanks, Tina. I will add this to the IPv6 Operations > agenda, probably > >> during our second session Tuesday. > >> > >> You will note that I am copying the chairs and ADs from several > >> working > >> groups. The reason is that the primary thrust of the > comments you are > >> making apply to work being done in those working groups. Slide 5 > >> specifically requests a threat analysis, security assessment, and > >> "function recommendation" on each transition technology; > these are in > >> fact being done in behave and softwires. I mention 6man because > >> marketing blather from the IPv6 form makes security claims > for IPv6, > >> which it would be good if that working group clarified. > >> > >> I do have to ask specifically what the Security > Directorate hopes to > >> find in the three documents that have been requested for each of > >> these > >> various technologies. What, specifically, is a "function > >> recommendation"? A threat analysis is a statement that > there exist > >> a set > >> of possible threats. Is a security assessment a statement about how > >> those threats are responded to? What, if the WGs don't > produce it, is > >> going to leave the Security Directorate feeling ill-used? > >> > >> On Jul 27, 2009, at 12:56 PM, Tina TSOU wrote: > >> > >>> > >>> B. R. > >>> ">http://tinatsou.weebly.com/contact.html > >> > >>> Begin forwarded message: > >>> > >>>> From: "Romascanu, Dan (Dan)" <dromasca@avaya.com> > >>>> Date: July 27, 2009 7:52:20 AM GMT+02:00 > >>>> To: Ron Bonica <rbonica@juniper.net> > >>>> Cc: Tina TSOU <tena@huawei.com> > >>>> Subject: FW: [OPS-DIR] Reminder: OPS-DIR working lunch > >>>> > >>>> Ron, > >>>> > >>>> This looks more like an opsec (who are not meeting this > time) or > >>>> v6ops > >>>> subject. > >>>> > >>>> Dan > >>>> > >>>> > >>>> -----Original Message----- > >>>> From: Tina TSOU [mailto:tena@huawei.com] > >>>> Sent: Monday, July 27, 2009 12:02 AM > >>>> To: Romascanu, Dan (Dan) > >>>> Subject: Re: [OPS-DIR] Reminder: OPS-DIR working lunch > >>>> > >>>> Hi Dan, > >>>> Could this be discussed at OPS-DIR working lunch? > >>> <Recommendation of IPv6 Security work--on the flight-2.ppt> > >>> <ATT4180184.txt> > >>> > > _______________________________________________ > secdir mailing list > secdir@ietf.org > https://www.ietf.org/mailman/listinfo/secdir >
- [secdir] Discussion from the Security Directorate Fred Baker
- Re: [secdir] Discussion from the Security Directo… Joel Jaeggli
- Re: [secdir] Discussion from the Security Directo… Fred Baker
- Re: [secdir] Discussion from the Security Directo… Joel Jaeggli
- Re: [secdir] Discussion from the Security Directo… David Harrington
- Re: [secdir] Discussion from the Security Directo… Fred Baker
- Re: [secdir] Discussion from the Security Directo… Richard Barnes
- Re: [secdir] Discussion from the Security Directo… Tina
- Re: [secdir] Discussion from the Security Directo… Jeffrey Hutzelman
- Re: [secdir] Discussion from the Security Directo… Tina TSOU
- Re: [secdir] Discussion from the Security Directo… Fred Baker
- Re: [secdir] Discussion from the Security Directo… Fred Baker
- Re: [secdir] Discussion from the Security Directo… Fred Baker
- Re: [secdir] Discussion from the Security Directo… Pasi.Eronen