[secdir] draft-ietf-tsvwg-rsvp-security-groupkeying-05
Stephen Kent <kent@bbn.com> Sat, 19 December 2009 02:23 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD48B28C11C for <secdir@core3.amsl.com>; Fri, 18 Dec 2009 18:23:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I21v2uOX2i3M for <secdir@core3.amsl.com>; Fri, 18 Dec 2009 18:23:35 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id D53FE3A659A for <secdir@ietf.org>; Fri, 18 Dec 2009 18:23:34 -0800 (PST)
Received: from dommiel.bbn.com ([192.1.122.15] helo=[192.168.1.3]) by smtp.bbn.com with esmtp (Exim 4.63) (envelope-from <kent@bbn.com>) id 1NLoyT-0002rX-A3 for secdir@ietf.org; Fri, 18 Dec 2009 21:23:19 -0500
Mime-Version: 1.0
Message-Id: <p06240803c751e90f6344@[192.168.1.3]>
In-Reply-To: <alpine.BSF.2.00.0912181810060.73148@fledge.watson.org>
References: <alpine.BSF.2.00.0912181810060.73148@fledge.watson.org>
Date: Fri, 18 Dec 2009 21:23:14 -0500
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/mixed; boundary="============_-950933100==_============"
Subject: [secdir] draft-ietf-tsvwg-rsvp-security-groupkeying-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Dec 2009 02:23:36 -0000
This is the message I sent to the WG chairs o 11/30, in response to this special request. Steve ------ Folks, As per your request I reviewed the subject document. It has a LOT of problems: - the authors are inconsistent in their use of terms in various places in the document (e.g., trust zone, trust domain, trust group) - the authors do not clearly define what they mean by static, manual, or dynamic keying. they then make general assertions about the costs of various keying methods without providing any analysis to support their assertions. - the authors are clearly big proponents of group keying, and so they sweep under the rug all the details of what one has to do to authenticate group members to a group key server and what the server needs to do to distribute keys to the group members. there may be good arguments for why group keying is preferable to alternatives, but this document does not make that case - the authors assert that tunnel mode ESP is unsuitable for use with RSVP due to a MITM vulnerability, but the argument they present is flawed. - the authors assert that using the group keying mechanisms in RFC 3547 solves the problems of using IPsec with RSVP, which contradicts statements elsewhere about problems with IPsec protocols and RSVP. - the authors argue that Section 3.1 of RFC 5374 describes how to use tunnel mode in a way that fixes problems otherwise present with AH or ESP, but the argument is suspect. The cited section talks about a new version of tunnel mode for use by secruity gateways when sending traffic on multicast SAs, but there is not reason why routers using RSVP should be viewed as secruity gateways with respect to RSVP traffic. - overall, the document is very poorly organized. it rambles and makes arguments in one section that appear to contradict analyses in other sections. I have attached an edited version of the document with suggested edits and lots of comments. Steve
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] SECDIR review: draft-ietf-dnsext-dnssec-… Kurt Zeilenga
- [secdir] Assignments Samuel Weiler
- Re: [secdir] SECDIR review: draft-ietf-dnsext-dns… Andrew Sullivan
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments (fwd) Samuel Weiler
- [secdir] Null Prefix attack Stefan Santesson
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] draft-ietf-tsvwg-rsvp-security-groupkeyi… Stephen Kent
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Jeffrey Hutzelman
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Polk, William T.
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Alexey Melnikov
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Recheck on draft-ietf-netconf-4741bis-09… Tina Tsou
- Re: [secdir] Recheck on draft-ietf-netconf-4741bi… Andy Bierman
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] secdir review of draft-ietf-v6ops-6to4-t… Tina Tsou
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Ondřej Surý
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Leif Johansson
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Jeffrey Hutzelman
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Sam Hartman
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- Re: [secdir] Assignments Richard L. Barnes
- Re: [secdir] Assignments Alexey Melnikov
- [secdir] Assignments Samuel Weiler
- [secdir] Assignments Samuel Weiler
- [secdir] review of draft-ietf-httpbis-p7-auth-20 Stephen Kent
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- Re: [secdir] Assignments Leif Johansson
- Re: [secdir] Assignments Paul Hoffman
- Re: [secdir] Assignments Leif Johansson
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- Re: [secdir] Assignments Ben Laurie
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- Re: [secdir] Assignments Stephen Farrell
- [secdir] Assignments Tero Kivinen
- Re: [secdir] Assignments Ben Laurie
- Re: [secdir] Assignments Derek Atkins
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- Re: [secdir] Assignments Stephen Farrell
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- Re: [secdir] Assignments Moriarty, Kathleen
- Re: [secdir] rtg area wiki v. sec area Stephen Farrell
- Re: [secdir] rtg area wiki v. sec area Klaas Wierenga (kwiereng)
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] SECDIR review of draft-ietf-jose-json-we… Stephen Kent
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- Re: [secdir] Assignments Stephen Farrell
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- Re: [secdir] Assignments Chris Inacio
- Re: [secdir] Assignments Moriarty, Kathleen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen
- [secdir] Assignments Tero Kivinen