Re: [secdir] secdir review of draft-ietf-alto-protocol
"Dan Harkins" <dharkins@lounge.org> Mon, 03 February 2014 02:18 UTC
Date: Sun, 02 Feb 2014 18:18:49 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
Cc: iesg@ietf.org, draft-ietf-alto-protocol.all@tools.ietf.org, secdir@ietf.org, jhutz@cmu.edu

On Sun, February 2, 2014 11:33 am, Jeffrey Hutzelman wrote:
> On Sat, 2014-02-01 at 10:54 -0800, Dan Harkins wrote:
>> - 8.3.5, encryption and integrity protection go hand-in-hand,
>>   they cannot be "and/or".
>
> Huh? That's not true. Confidentiality and integrity are separable, and
> it is common to want one without the other. As it turns out, neither
> TLS nor SSH generally gives you that option, but the and/or is about
> which features you need, not what is practical.

They may be separable but you don't want to separate them. You never
want to do encryption without integrity protection. You can do integrity
protection without encryption though and there are TLS ciphersuites to
give you that -- TLS_RSA_WITH_NULL_SHA256 -- but there are none that give
you encryption without also giving you integrity protection.

You can address the comment by swapping terms, i.e. say "integrity
protection and/or encryption".

Dan.