Re: [secdir] secdir review of draft-ietf-mext-aero-reqs8
"Davis, Terry L" <terry.l.davis@boeing.com> Mon, 24 August 2009 17:51 UTC
Return-Path: <terry.l.davis@boeing.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B6B4B28C2E7; Mon, 24 Aug 2009 10:51:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.372
X-Spam-Level:
X-Spam-Status: No, score=-6.372 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_OBFU_Q1=0.227]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L3wPetRCfJbw; Mon, 24 Aug 2009 10:51:03 -0700 (PDT)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id CE30A28C25E; Mon, 24 Aug 2009 10:51:03 -0700 (PDT)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by slb-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id n7OHoLrT005446 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 24 Aug 2009 10:50:22 -0700 (PDT)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id n7OHoL8E019582; Mon, 24 Aug 2009 12:50:21 -0500 (CDT)
Received: from XCH-NWHT-03.nw.nos.boeing.com (xch-nwht-03.nw.nos.boeing.com [130.247.71.23]) by stl-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id n7OHoKA0019574 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Mon, 24 Aug 2009 12:50:21 -0500 (CDT)
Received: from XCH-NW-CCR1V.nw.nos.boeing.com ([130.247.64.97]) by XCH-NWHT-03.nw.nos.boeing.com ([130.247.71.23]) with mapi; Mon, 24 Aug 2009 10:50:20 -0700
From: "Davis, Terry L" <terry.l.davis@boeing.com>
To: 'Sam Hartman' <hartmans-ietf@mit.edu>
Date: Mon, 24 Aug 2009 10:50:19 -0700
Thread-Topic: secdir review of draft-ietf-mext-aero-reqs8
Thread-Index: AcoiyZBrlebgcXKATSa/6F5jh6ClcgCEwtUg
Message-ID: <2557049CDBC35B4EBD79CFACFEC045841CCF7497@XCH-NW-CCR1V.nw.nos.boeing.com>
References: <tsl8whdqw9y.fsf@mit.edu><2557049CDBC35B4EBD79CFACFEC045841CCF748F@XCH-NW-CCR1V.nw.nos.boeing.com> <tsl4os0lj6v.fsf@mit.edu>
In-Reply-To: <tsl4os0lj6v.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "mext-chairs@tools.ietf.org" <mext-chairs@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-mext-aero-reqs@tools.ietf.org" <draft-ietf-mext-aero-reqs@tools.ietf.org>, "weddy@grc.nasa.gov" <weddy@grc.nasa.gov>, "'Ivancic, William D. (GRC-RHN0)'" <william.d.ivancic@nasa.gov>
Subject: Re: [secdir] secdir review of draft-ietf-mext-aero-reqs8
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2009 17:51:04 -0000
Sam My point was: - With the current extreme level of effort required to obtain interoperability between different vendors' implementations of the various IP security protocols, I don't see we can implement the security recommendations in the draft in our continuously changing communication's environment. Take care Terry > -----Original Message----- > From: Sam Hartman [mailto:hartmans-ietf@mit.edu] > Sent: Friday, August 21, 2009 6:41 PM > To: Davis, Terry L > Cc: 'Sam Hartman'; secdir@ietf.org; iesg@ietf.org; 'Ivancic, William D. > (GRC-RHN0)'; weddy@grc.nasa.gov; mext-chairs@tools.ietf.org; draft-ietf- > mext-aero-reqs@tools.ietf.org > Subject: Re: secdir review of draft-ietf-mext-aero-reqs8 > > >>>>> "Davis," == Davis, Terry L <terry.l.davis@boeing.com> writes: > > Davis,> Sam One of the items that continues to seriously concern > Davis,> me across the whole IP protocol RFC set is the basic lack > Davis,> of simple vendor-to-vendor IP security interoperability! > Davis,> All of NEMO and MEXT assumes that simple, easy to > Davis,> implement, IPSec, PKI, and IKE interoperability exist; > Davis,> they do NOT. > > With you so far. > > Davis,> In aviation we do not have the luxury that Enterprise or > Davis,> Entity organizations have in being able to deploy "single > Davis,> vendor" solutions! In the aviation space, if someone made > Davis,> one, aviation will have it somewhere in our infrastructure > Davis,> and we need to interoperate with it as our aircraft > Davis,> operate in a truly heterogeneous global space. An > Davis,> aircraft in flight will usually 1 to 4 open communications > Davis,> links and these will be continuously changing as we hand > Davis,> off between communication providers and "Navigation > Davis,> Service Providers" who utilize entirely different vendors > Davis,> and PKIs. > > I think the rest of the world is much more similar to this than you > believe. > > Davis,> Nor can we have a "single PKI" global solution; > Davis,> nation/state laws preclude this in many cases as they > Davis,> reasonably require credentials that they control for > Davis,> authentication in their territory and bridge assurances, > Davis,> although fine for business level relationships, may > Davis,> reasonably not meet nation/state requirements for > Davis,> operations within their nation. > > Davis,> I continue to state that the lack of easy to use/configure > Davis,> vendor interoperability parameters for our basic IP > Davis,> security protocol associations is a major failure in of > Davis,> Internet architectures. It cannot require a senior > Davis,> network engineer, a senior PKI analyst, and dozens of > Davis,> Wireshark traces to establish a secure link! Entry level > Davis,> engineers/analysts and techs need to be able to perform > Davis,> this function as we do with basic network (DHCP) > Davis,> connectivity. We need a "dynamic security association > Davis,> protocol" like DHCP for industries like aviation (and most > Davis,> the CI sectors too!). > > Davis,> To me, this lack of a simple, easy to use, > Davis,> interoperability security association configuration is one > Davis,> of our most pressing issues in our efforts to establish > Davis,> "cyber space security" regardless of what CI sector we are > Davis,> looking at. > > I think I'm in general agreement with you. However I don't see how > any of this applies to my comments--unless possibly you are saying > that the draft needs to be expanded with additional security > requirements.
- [secdir] secdir review of draft-ietf-mext-aero-re… Sam Hartman
- Re: [secdir] secdir review of draft-ietf-mext-aer… Sam Hartman
- Re: [secdir] secdir review of draft-ietf-mext-aer… Davis, Terry L
- Re: [secdir] secdir review of draft-ietf-mext-aer… Jari Arkko
- Re: [secdir] secdir review of draft-ietf-mext-aer… Sam Hartman
- Re: [secdir] secdir review of draft-ietf-mext-aer… Davis, Terry L
- Re: [secdir] secdir review of draft-ietf-mext-aer… Stephen Kent
- Re: [secdir] secdir review of draft-ietf-mext-aer… Davis, Terry L