Re: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02

"Hollenbeck, Scott" <shollenbeck@verisign.com> Wed, 15 July 2009 17:28 UTC

Date: Wed, 15 Jul 2009 12:15:46 -0400
Message-ID: <046F43A8D79C794FA4733814869CDF0702B8DE40@dul1wnexmb01.vcorp.ad.vrsn.com>
In-Reply-To: <4A5DF9CA.9060304@isode.com>
Thread-Topic: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02
References: <046F43A8D79C794FA4733814869CDF07025CD275@dul1wnexmb01.vcorp.ad.vrsn.com> <Pine.WNT.4.64.0907151127100.4872@SANDYM-LT.columbia.ads.sparta.com> <4A5DF9CA.9060304@isode.com>
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>, Sandra Murphy <sandy@sparta.com>
Cc: iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02

> -----Original Message-----
> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com] 
> Sent: Wednesday, July 15, 2009 11:46 AM
> To: Sandra Murphy
> Cc: Hollenbeck, Scott; secdir@ietf.org; 
> catherine.meadows@nrl.navy.mil; iesg@ietf.org; Sandy Murphy
> Subject: Re: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02
> 
> Sandra Murphy wrote:
> 
> > On Tue, 14 Jul 2009, Hollenbeck, Scott wrote:
> >
> >> Doesn't TLS provide protections for this issue?
> >>
> >> -Scott-
> >
> > (a) rfc4930 does not mandate use of TLS as a transport
> > connection, by design (so I don't know why you mention it):
> 
> rfc4934 (binding to TLS over TCP) mandates use of TLS.
> 
> >    EPP is intended for use in diverse operating environments where
> >    transport and security requirements vary greatly.  It is unlikely
> >    that a single transport or security specification will meet the needs
> >    of all anticipated operators, so EPP was designed for use in a
> >    layered protocol environment.  Bindings to specific transport and
> >    security protocols are outside the scope of this specification.

As Alexey noted, I mentioned it because there's an EPP specification for
transport over TLS.  4934bis is part of the document set that's being
reviewed for progression to Standard status.  That's why I'm having some
trouble understanding if/how I should address the channel binding risk
comments in 4930bis or one of the other documents.

-Scott-