IETF Logo Mail Archive

Re: [secdir] [Isms] secdir reviewofdraft-ietf-isms-transport-security-model-12

"David Harrington" <ietfdbh@comcast.net> Sat, 09 May 2009 16:30 UTC

Return-Path: <ietfdbh@comcast.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 74C043A6E67 for <secdir@core3.amsl.com>; Sat, 9 May 2009 09:30:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.211
X-Spam-Level:
X-Spam-Status: No, score=-2.211 tagged_above=-999 required=5 tests=[AWL=-0.212, BAYES_00=-2.599, J_CHICKENPOX_35=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id poZ-pnx875pT for <secdir@core3.amsl.com>; Sat, 9 May 2009 09:30:11 -0700 (PDT)
Received: from QMTA04.westchester.pa.mail.comcast.net (qmta04.westchester.pa.mail.comcast.net [76.96.62.40]) by core3.amsl.com (Postfix) with ESMTP id 3B3C63A6E50 for <secdir@ietf.org>; Sat, 9 May 2009 09:30:10 -0700 (PDT)
Received: from OMTA10.westchester.pa.mail.comcast.net ([76.96.62.28]) by QMTA04.westchester.pa.mail.comcast.net with comcast id pPRE1b0040cZkys54UXgAk; Sat, 09 May 2009 16:31:40 +0000
Received: from Harrington73653 ([24.147.240.21]) by OMTA10.westchester.pa.mail.comcast.net with comcast id pUXf1b00n0UQ6dC3WUXgVo; Sat, 09 May 2009 16:31:40 +0000
From: David Harrington <ietfdbh@comcast.net>
To: 'Wes Hardaker' <wjhns1@hardakers.net>, "'tom.petch'" <cfinss@dial.pipex.com>
References: <6c9fcc2a0905021333j3dd58821v4726af092e30c1c1@mail.gmail.com><200905051750.n45HorPw023985@mx02.srv.cs.cmu.edu><0FBA56D16F71437450BC2779@minbar.fac.cs.cmu.edu><06a701c9cdb7$aed00f30$0600a8c0@china.huawei.com><9abf48a60905051303h1543f323u1a8e3679445384f6@mail.gmail.com><007f01c9cffe$0aa68da0$0601a8c0@allison><20090508214346.GB28541@elstar.local> <sdy6t6pepy.fsf@wes.hardakers.net>
Date: Sat, 09 May 2009 12:31:38 -0400
Message-ID: <098001c9d0c3$a119ea00$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcnQrS0FO4T3PJQ/S7+R9hOXeJvNcQAFTx9g
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
In-Reply-To: <sdy6t6pepy.fsf@wes.hardakers.net>
Cc: 'Barry Leiba' <barryleiba@computer.org>, isms@ietf.org, secdir@ietf.org
Subject: Re: [secdir] [Isms] secdir reviewofdraft-ietf-isms-transport-security-model-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 May 2009 16:30:12 -0000

Hi,

I agree we didn't use the word "MUST" in this text, but we do not seem
to allow any alternative approach:

"then [...] discard the message and return
       the error indication in the statusInformation." 

For compliance to this model, this is a required step.
Where we do NOT specify a MUST is in the **architecture** document,
because other models might choose to do something other than discard
the message.

Wes, are you suggestiong we should rwwrite all the elements of
procedure to use MUST every place where there is a definite step to be
followed? Would this be clearer?

>    1.  If tmStateReference does not refer to a cache containing
values
>        for tmTransportDomain, tmTransportAddress, tmSecurityName,
>        tmRequestedSecurityLevel, and tmSameSecurity, then the
implementation MUST 
> increment the
>        sshtmSessionInvalidCaches counter, MUST discard the message 
> and MUST return
>        the error indication in the statusInformation.  Processing of
>        this message MUST stop.

is that what you want to see?

dbh

> -----Original Message-----
> From: isms-bounces@ietf.org [mailto:isms-bounces@ietf.org] On 
> Behalf Of Wes Hardaker
> Sent: Saturday, May 09, 2009 9:51 AM
> To: tom.petch
> Cc: Barry Leiba; isms@ietf.org; secdir@ietf.org
> Subject: Re: [Isms] [secdir]secdir 
> reviewofdraft-ietf-isms-transport-security-model-12
> 
> >>>>> On Fri, 8 May 2009 23:43:46 +0200, Juergen 
> Schoenwaelder <j.schoenwaelder@jacobs-university.de> said:
> 
> >> The idea of Models in SNMP is to be able to mix and match.  In
> >> practice, this has not worked - USM with sshTM will not function,
> >> regardless of whether it is secure or not.
> 
> JS> Not sure I understand why. Can you explain?
> 
> The way it's worded right now in the SSH document is that 
> there must be
> a tmStateReference for outgoing messages or the SSHTM will drop the
> message:
> 
>    1.  If tmStateReference does not refer to a cache containing
values
>        for tmTransportDomain, tmTransportAddress, tmSecurityName,
>        tmRequestedSecurityLevel, and tmSameSecurity, then 
> increment the
>        sshtmSessionInvalidCaches counter, discard the message 
> and return
>        the error indication in the statusInformation.  Processing of
>        this message stops.
> 
> USM won't generate a tmStateReference so it can't be used as an
> upper-level security protocol.  This was discussed (I'm 
> fairly certain)
> on the list at some point and it was decided this was ok as doing
> something to try and recover at that point would really be 
> adding words
> and complexity for a situation that didn't really need to be 
> supported.
> 
> [that being said, note that there isn't a MUST drop it in the text]
> -- 
> Wes Hardaker
> Cobham Analytic Solutions
> _______________________________________________
> Isms mailing list
> Isms@ietf.org
> https://www.ietf.org/mailman/listinfo/isms
>

v2.31.3 | Report a Bug | By Email | System Status