Re: [siesta] Another Siesta approach

"Diego R. Lopez" <diego@tid.es> Wed, 04 December 2013 15:45 UTC

Date: Wed, 04 Dec 2013 15:45:40 +0000
From: "Diego R. Lopez" <diego@tid.es>
In-reply-to: <529F1000.5040006@labs.htt-consult.com>
To: Robert Moskowitz <rgm@labs.htt-consult.com>
Message-id: <015B9D83-7BDF-43AD-B4AE-0B40EBBEBE8F@tid.es>
References: <529F1000.5040006@labs.htt-consult.com>
Cc: "<siesta@ietf.org>" <siesta@ietf.org>
Subject: Re: [siesta] Another Siesta approach
List-Id: "SessIon layEr SecuriTy Approach discussion list." <siesta.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/siesta/>

I'm not that sure this, being essentially a work oriented towards best practices in TLS, would impact the ideas around SIESTA, with two probable exceptions. First, the possibility of relying on TLS as KMP (as described in RFC XXX, with a potential application of DANE). Second, as a possibility to delimit use cases well suited for TLS versus those use cases in which session-based security provides an advantage, like I think SDN and NFV are, for example...

Be goode,

On 4 Dec 2013, at 12:20, Robert Moskowitz wrote:

I saw this come through on the SAAG list, so it is appropriate to bring it up here and see how well it fits the problem statement and goals I have attempted to articulate:

=========================================

On 11/25/2013 09:27 AM, Stephen Farrell wrote:


FYI, please note this proposed new APPS area WG. We'll need
to try to get a bunch of security folks involved in that so
please consider spending a few cycles to help out with the
work.

I'd say discussion of that charter would be best done on
apps-discuss@ietf.org since it's proposed as an APPS area
WG and the apps-discuss list is probably where there's
the best concentration of relevant expertise, so please
direct any substantive discussion there.

Thanks,
S.


-------- Original Message --------
Subject: WG Review: Using TLS in Applications (uta)
Date: Fri, 22 Nov 2013 09:35:54 -0800
From: The IESG <iesg-secretary@ietf.org>
Reply-To: ietf@ietf.org
To: IETF-Announce <ietf-announce@ietf.org>

A new IETF working group has been proposed in the Applications Area. The
IESG has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send
your comments to the IESG mailing list (iesg at ietf.org) by 2013-12-02.

Using TLS in Applications (uta)
------------------------------------------------
Current Status: Proposed WG

Assigned Area Director:
  Barry Leiba <barryleiba@computer.org>


Charter:

There is a renewed and urgent interest in the IETF to increase the
security of transmissions over the Internet. Many application protocols
have defined methods for using TLS to authenticate the server (and
sometimes the client), and to encrypt the connection between the client
and server. However, there is a diversity of definitions and
requirements, and that diversity has caused confusion for application
developers and also has led to lack of interoperability or lack of
deployment. Implementers and deployers are faced with multiple security
issues in real-world usage of TLS, which currently does not preclude
insecure ciphers and modes of operation.

This WG has the following tasks:

- Update the definitions for using TLS over a set of representative
application protocols.  This includes communication with proxies, between
servers, and between peers, where appropriate, in addition to
client/server communication.

- Specify a set of best practices for TLS clients and servers, including
but not limited to recommended versions of TLS, using forward secrecy,
and one or more ciphersuites and extensions that are mandatory to
implement.

- Consider, and possibly define, a standard way for an application client
and server to use unauthenticated encryption through TLS when server
and/or client authentication cannot be achieved.

- Create a document that helps application protocol developers use TLS in
future application definitions.

The initial set of representative application protocols is SMTP, POP,
IMAP, XMPP, and HTTP 1.1. It is expected that other protocols that use
TLS might later be updated using the guidelines from this WG, and that
those updates will happen through other WGs or through individual
submissions.

The WG will make the fewest changes needed to achieve good interoperable
security for the applications using TLS.  No changes to TLS itself will
be made in this WG, and the WG will ensure that changes to current
versions of popular TLS libraries will not be required to conform to the
WG's specifications.

This WG will collaborate with other IETF WGs, in particular with the TLS
and DANE WGs.

Milestones:
_______________________________________________
siesta mailing list
siesta@ietf.org
https://www.ietf.org/mailman/listinfo/siesta


--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego@tid.es
Tel:    +34 913 129 041
Mobile: +34 682 051 091
-----------------------------------------


________________________________

This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx