Re: [secdir] [Isms] secdir reviewofdraft-ietf-isms-transport-security-model-12
"tom.petch" <cfinss@dial.pipex.com> Fri, 08 May 2009 21:35 UTC
Return-Path: <cfinss@dial.pipex.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A14A03A6B1C; Fri, 8 May 2009 14:35:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[AWL=0.492, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8GD8Patyglo3; Fri, 8 May 2009 14:35:42 -0700 (PDT)
Received: from mk-outboundfilter-1.mail.uk.tiscali.com (mk-outboundfilter-1.mail.uk.tiscali.com [212.74.114.37]) by core3.amsl.com (Postfix) with ESMTP id 819AA3A7151; Fri, 8 May 2009 14:35:32 -0700 (PDT)
X-Trace: 245559828/mk-outboundfilter-1.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-customers/62.188.19.116/None/cfinss@dial.pipex.com
X-SBRS: None
X-RemoteIP: 62.188.19.116
X-IP-MAIL-FROM: cfinss@dial.pipex.com
X-SMTP-AUTH:
X-MUA: Microsoft Outlook Express 6.00.2800.1106Produced By Microsoft MimeOLE V6.00.2800.1106
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtYEABdDBEo+vBN0/2dsb2JhbACDKEyKYsIbB4N2BQ
X-IronPort-AV: E=Sophos;i="4.40,319,1238972400"; d="scan'208";a="245559828"
X-IP-Direction: IN
Received: from 1cust116.tnt2.lnd3.gbr.da.uu.net (HELO allison) ([62.188.19.116]) by smtp.pipex.tiscali.co.uk with SMTP; 08 May 2009 22:36:57 +0100
Message-ID: <002801c9d01c$ab134bc0$0601a8c0@allison>
From: "tom.petch" <cfinss@dial.pipex.com>
To: Barry Leiba <barryleiba@computer.org>
References: <6c9fcc2a0905021333j3dd58821v4726af092e30c1c1@mail.gmail.com> <200905051750.n45HorPw023985@mx02.srv.cs.cmu.edu> <0FBA56D16F71437450BC2779@minbar.fac.cs.cmu.edu> <06a701c9cdb7$aed00f30$0600a8c0@china.huawei.com> <9abf48a60905051303h1543f323u1a8e3679445384f6@mail.gmail.com> <007f01c9cffe$0aa68da0$0601a8c0@allison> <9abf48a60905081105t49201217o591687187c12dd84@mail.gmail.com>
Date: Fri, 08 May 2009 22:35:38 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mailman-Approved-At: Mon, 11 May 2009 00:03:35 -0700
Cc: isms@ietf.org, secdir@ietf.org
Subject: Re: [secdir] [Isms] secdir reviewofdraft-ietf-isms-transport-security-model-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "tom.petch" <cfinss@dial.pipex.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2009 21:35:43 -0000
----- Original Message ----- From: "Barry Leiba" <barryleiba@computer.org> To: "tom.petch" <cfinss@dial.pipex.com> Cc: <isms@ietf.org>; <secdir@ietf.org> Sent: Friday, May 08, 2009 8:05 PM (Top post only...) I get what you're saying, Tom, but I'm not sure where it's going. Are you saying that the text should be changed to allow *less* flexibility? That may be right, but then what text do you suggest instead? Barry I would like the idea of 'in conjunction with' to hint at the co-dependence of xSM and xTM eg "However, the Transport Security Model does not by itself provide security mechanisms such as authentication and encryption, so it MUST always be used in conjunction with a Transport Model that together with it provides appropriate security" Tom Petch Barry >> > That is a deployment decision made by an administrator who has an >> > understanding of what is appropriate to the system in question. >> > >> > What is the correct non-RFC2119 phrase in which to couch our >> > deployment advice? >> >> Well, this would make me happy; would it work for you (and others)?: >> >> OLD: >> by the RFC 3411 architecture. However, the Transport Security Model >> does not provide security mechanisms such as authentication and >> encryption itself, so it SHOULD always be used with a Transport Model >> that provides appropriate security. Which threats are addressed and >> how they are mitigated depends on the Transport Model. >> >> NEW: >> by the RFC 3411 architecture. However, the Transport Security Model >> does not provide security mechanisms such as authentication and >> encryption itself, so it MUST always be used with a Transport Model >> that provides appropriate security. What is "appropriate" for a particular >> deployment is an administrative decision. Which threats are addressed >> and how they are mitigated depends on the Transport Model. > > I have reservations about this, about the optimism that it may generate in > readers. > > The idea of Models in SNMP is to be able to mix and match. In practice, this > has not worked - USM with sshTM will not function, regardless of whether it is > secure or not. Do not underestimate the labour it has taken to get TSM working > with sshTM. > > If we have got TSM right, then it will work with eg TLSTM or DTLSTM, an idea > that is being mooted now. But it may not. In a similar vein, I am mindful that > ssh just hit problems with AES-GCM, that the architecture of ssh does not allow > for this new cryptography or that the discussions leading to TLS 1.2 of how to > introduce (or not) algorithm agility, just as SNMP has problems (and has given > up) trying to use USM with sshTM. > > Thus TLS has session cache and resumption. Will that work with TSM? I do not > know - and as it has taken the last two years to come up with an agreed form of > words that allows just TSM to work with just sshTM, so I am not going > to try and work out the ramifications of TLSTM just yet:-( We may find we got > TSM wrong and that it needs changing. > > Or we may have another secure Transport Model that turns out to be insecure with > TSM and needs an xSM to make it secure. The proposed amendment seems to me > rather optimistic. > > Tom Petch
- [secdir] secdir review of draft-ietf-isms-transpo… Barry Leiba
- Re: [secdir] secdir review ofdraft-ietf-isms-tran… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Jeffrey Hutzelman
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… David B Harrington
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Barry Leiba
- Re: [secdir] [Isms] secdirreview ofdraft-ietf-ism… Randy Presuhn
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Glen Zorn
- Re: [secdir] [Isms] secdir review ofdraft-ietf-is… Juergen Schoenwaelder
- Re: [secdir] [Isms] secdir review of draft-ietf-i… David B. Nelson
- Re: [secdir] [Isms] secdir review of draft-ietf-i… Sam Hartman
- Re: [secdir] [Isms] secdir review of draft-ietf-i… Barry Leiba
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Barry Leiba
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… Juergen Schoenwaelder
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… David Harrington
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… David Harrington
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
- Re: [secdir] [Isms] secdir reviewofdraft-ietf-ism… tom.petch
- Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
- Re: [secdir] secdir reviewofdraft-ietf-isms-trans… Wes Hardaker
- Re: [secdir] [Isms] secdirreviewofdraft-ietf-isms… tom.petch