Re: [secdir] Discussion from the Security Directorate

Richard Barnes <rbarnes@bbn.com> Wed, 29 July 2009 15:23 UTC


I'll second Dave, I don't remember seeing this in a SECDIR context 
before Fred sent it around.

Fred Baker wrote:
> It was presented to the ops directorate as "from the security 
> directorate" on Monday, and shipped off to my working group.
> 
> OK, Tina, over to you...
> 
> On Jul 29, 2009, at 11:30 AM, David Harrington wrote:
> 
>> Hi,
>>
>> I have a question.
>> I am a member of the Security Directorate, and I do not remember any
>> discussion leading to this powerpoint presentation or request. I may
>> have missed a SECDIR session. I didn't find discussion of this
>> powerpoint presentation in the secdir archives prior to this week.
>>
>> Is this a "Discussion from the Security Directorate"? If so, when was
>> this discussed? Has the SECDIR reviewed this powerpoint slide deck and
>> approved it being sent to working groups?
>>
>> David Harrington
>> dbharrington@comcast.net
>> ietfdbh@comcast.net
>> dharrington@huawei.com
>>
>>
>>> -----Original Message-----
>>> From: secdir-bounces@ietf.org
>>> [mailto:secdir-bounces@ietf.org] On Behalf Of Fred Baker
>>> Sent: Tuesday, July 28, 2009 10:49 PM
>>> To: Joel Jaeggli
>>> Cc: 6man Chairs; 6man-ads@tools.ietf.org; secdir@ietf.org;
>>> Kurt Erik Lindqvist; Joe Abley; Softwire Chairs;
>>> v6ops-ads@tools.ietf.org; softwire-ads@tools.ietf.org; Tina
>>> TSOU; behave-ads@tools.ietf.org; Behave Chairs
>>> Subject: Re: [secdir] Discussion from the Security Directorate
>>>
>>> I'm not arguing against the request. I'm asking what it is requesting,
>>> as I have no idea...
>>>
>>> I think I know what a threat analysis is.
>>>
>>> What is a "security assessment" apart from a "threat assessment"? I
>>> told v6ops (which does not develop transition technologies, by
>>> charter, and therefore is the absolute wrong place to send this) that
>>> I thought it might mean an assessment of how we might mitigate the
>>> threats. Absent any answers from the Security Directorate responsive
>>> to the question, I have no idea whether I was correct.
>>>
>>> And what on God's Green Earth is a "function recommendation"? I have
>>> no idea what you want.
>>>
>>> Nobody from the Security Directorate was there today to deliver the
>>> message. If I were developing a threat assessment of that protocol...
>>> let's see: delivered to the wrong WG by someone who didn't know what
>>> the message was supposed to be using slides he didn't understand and
>>> the security directorate didn't take the time to explain...
>>>
>>> On Jul 27, 2009, at 2:08 PM, Joel Jaeggli wrote:
>>>
>>>> I'd probably tune the slides a bit still:
>>>>
>>>>     Security problems show up in deployment and use, these cannot be
>>>>     thought out at all when designing the protocols
>>>>
>>>> Is an assertion you'll get pushback on. We have significant operational
>>>> experience with variations on many of the proposed or deployed
>>>> transition mechanisms. Necessarily that experience informs both our
>>>> current thinking and the desirability of any particular approach.
>>>>
>>>> Bump in the wire type transition technologies certainly are an area
>>>> of potential concern for opsec
>>>>
>>>> Fred Baker wrote:
>>>>> Thanks, Tina. I will add this to the IPv6 Operations agenda, probably
>>>>> during our second session Tuesday.
>>>>>
>>>>> You will note that I am copying the chairs and ADs from several working
>>>>> groups. The reason is that the primary thrust of the comments you are
>>>>> making apply to work being done in those working groups. Slide 5
>>>>> specifically requests a threat analysis, security assessment, and
>>>>> "function recommendation" on each transition technology; these are in
>>>>> fact being done in behave and softwires. I mention 6man because
>>>>> marketing blather from the IPv6 Forum makes security claims for IPv6,
>>>>> which it would be good if that working group clarified.
>>>>>
>>>>> I do have to ask specifically what the Security Directorate hopes to
>>>>> find in the three documents that have been requested for each of these
>>>>> various technologies. What, specifically, is a "function
>>>>> recommendation"? A threat analysis is a statement that there exist a set
>>>>> of possible threats. Is a security assessment a statement about how
>>>>> those threats are responded to? What, if the WGs don't produce it, is
>>>>> going to leave the Security Directorate feeling ill-used?
>>>>>
>>>>> On Jul 27, 2009, at 12:56 PM, Tina TSOU wrote:
>>>>>
>>>>>>
>>>>>> B. R.
>>>>>> http://tinatsou.weebly.com/contact.html
>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>>> From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
>>>>>>> Date: July 27, 2009 7:52:20 AM GMT+02:00
>>>>>>> To: Ron Bonica <rbonica@juniper.net>
>>>>>>> Cc: Tina TSOU <tena@huawei.com>
>>>>>>> Subject: FW: [OPS-DIR] Reminder: OPS-DIR working lunch
>>>>>>>
>>>>>>> Ron,
>>>>>>>
>>>>>>> This looks more like an opsec (who are not meeting this time) or
>>>>>>> v6ops subject.
>>>>>>>
>>>>>>> Dan
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Tina TSOU [mailto:tena@huawei.com]
>>>>>>> Sent: Monday, July 27, 2009 12:02 AM
>>>>>>> To: Romascanu, Dan (Dan)
>>>>>>> Subject: Re: [OPS-DIR] Reminder: OPS-DIR working lunch
>>>>>>>
>>>>>>> Hi Dan,
>>>>>>> Could this be discussed at OPS-DIR working lunch?
>>>>>> <Recommendation of IPv6 Security work--on the flight-2.ppt>
>>>>>> <ATT4180184.txt>
>>>>>>
>>>
>>> _______________________________________________
>>> secdir mailing list
>>> secdir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/secdir
>>>
>>