Re: [Spud] Declarations: Authentication and encryption
"Joe Hildebrand (jhildebr)" <jhildebr@cisco.com> Mon, 09 March 2015 19:35 UTC
Return-Path: <jhildebr@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB09B1A90B4 for <spud@ietfa.amsl.com>; Mon, 9 Mar 2015 12:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PQJ7lHgYuwgr for <spud@ietfa.amsl.com>; Mon, 9 Mar 2015 12:35:36 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 001611A8AAA for <spud@ietf.org>; Mon, 9 Mar 2015 12:35:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1804; q=dns/txt; s=iport; t=1425929735; x=1427139335; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=6gvrFUmopdA/aSuMfiolJyXUJETkcqM6POgCMmd2zBc=; b=Pfoduy8QOg+c3pHsgD6nqlZBd1BqgBwnBnxbt2F3MOB8k6i/q7lG2aDz /cQ/SlDk3Gez2+cKelmhEIlluOgzguDzYUuvAebQov6/zAo8fxbEThm+Z QroVfjIWrJ5Bl8SBrBFZl/ifL7Twf/5RegWhMeAsGjC7X7FtHblDSwcLH g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADDQBI9f1U/5FdJa1TCYMGgSwEgwa9L4gmHoEPTQEBAQEBAXyEEAIEIxE+GQEIGgImAgQwFRIEARKIL6ZFm0IBAQEBAQEEAQEBAQEBAQEBARiBIYl2hBMoPoJkL4EWBZAPiVOTdCODbm+BRH8BAQE
X-IronPort-AV: E=Sophos;i="5.11,369,1422921600"; d="scan'208";a="130276165"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-1.cisco.com with ESMTP; 09 Mar 2015 19:35:35 +0000
Received: from xhc-aln-x04.cisco.com (xhc-aln-x04.cisco.com [173.36.12.78]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id t29JZZkX009585 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 9 Mar 2015 19:35:35 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.156]) by xhc-aln-x04.cisco.com ([173.36.12.78]) with mapi id 14.03.0195.001; Mon, 9 Mar 2015 14:35:35 -0500
From: "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>
To: Szilveszter Nadas <Szilveszter.Nadas@ericsson.com>, "spud@ietf.org" <spud@ietf.org>
Thread-Topic: [Spud] Declarations: Authentication and encryption
Thread-Index: AQHQWqA2V9QWJmy3s0SAx6WfN0EAWA==
Date: Mon, 09 Mar 2015 19:35:34 +0000
Message-ID: <9AD8B373-E033-4421-A06D-15C0589EE5F4@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/15.8.0.150225
x-originating-ip: [10.129.24.156]
Content-Type: text/plain; charset="utf-8"
Content-ID: <AF697CD2199EA449AECEB00C7EDE8191@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/lzawfUlaUhfPCkTHJGHAgrhZZXw>
Subject: Re: [Spud] Declarations: Authentication and encryption
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 19:35:38 -0000
On 3/5/15, 9:55 AM, "Szilveszter Nadas" <Szilveszter.Nadas@ericsson.com> wrote: >Hi, > >I am aware that security is not the main scope at the moment, but still I am interested about opinions about this. > >The principle of declarations is to “trust but verify”. I think still authentication can help this trust quite much. If the two points communicating have some relationship or history and have a proof about their identity a more “brave” > trust can be the default behavior. Verification of declarations can still happen. Also authentication can be verified by the middlebox, even after choosing appropriate actions based on the content of the declarations so not delaying the flow and deceisons. > >The other thing is that I see the privacy of both endhosts and of middleboxes important. Middleboxes might not want to allow others (e.g. other middleboxes) to collect data about their answers as these are partly consequences of business > decisions. Endpoints might have similar concerns. Encryption can easily solve this. > > >In summary what do you think about authentication and encryption of declarations? I imagine endpoints negotiating their own transport layers and security contexts with midpoints, using the token mechanism as a sub-address. -- Joe Hildebrand
- [Spud] Declarations: Authentication and encryption Szilveszter Nadas
- Re: [Spud] Declarations: Authentication and encry… Tirumaleswar Reddy (tireddy)
- Re: [Spud] Declarations: Authentication and encry… Joe Hildebrand (jhildebr)