Re: Re: Re: [ssm] another last call for draft-ietf-ssm-arch - ending 3/24
Hugh Holbrook <holbrook@cisco.com> Tue, 11 March 2003 06:54 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA29287 for <ssm-archive@odin.ietf.org>; Tue, 11 Mar 2003 01:54:03 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h2B77OU29116 for ssm-archive@odin.ietf.org; Tue, 11 Mar 2003 02:07:24 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2B77OO29105 for <ssm-web-archive@optimus.ietf.org>; Tue, 11 Mar 2003 02:07:24 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA29251 for <ssm-web-archive@ietf.org>; Tue, 11 Mar 2003 01:53:32 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2B76uO28258; Tue, 11 Mar 2003 02:06:56 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2B75lO27200 for <ssm@optimus.ietf.org>; Tue, 11 Mar 2003 02:05:47 -0500
Received: from sj-core-5.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA29234 for <ssm@ietf.org>; Tue, 11 Mar 2003 01:51:55 -0500 (EST)
Received: from holbrook-laptop.cisco.com (sjc-vpn2-31.cisco.com [10.21.112.31]) by sj-core-5.cisco.com (8.12.6/8.12.6) with ESMTP id h2B6s1hs013691; Mon, 10 Mar 2003 22:54:02 -0800 (PST)
Received: by holbrook-laptop.cisco.com (Postfix, from userid 500) id AFB8210B7A7; Mon, 10 Mar 2003 22:49:38 -0800 (PST)
From: Hugh Holbrook <holbrook@cisco.com>
To: Pekka Savola <pekkas@netcore.fi>
Cc: Hugh Holbrook <holbrook@cisco.com>, ssm@ietf.org, bkhabs@nc.rr.com
In-reply-to: <Pine.LNX.4.44.0303071051090.24210-100000@netcore.fi>
Subject: Re: Re: Re: [ssm] another last call for draft-ietf-ssm-arch - ending 3/24
Reply-To: holbrook@cisco.com
Message-Id: <20030311064938.AFB8210B7A7@holbrook-laptop.cisco.com>
Date: Mon, 10 Mar 2003 22:49:38 -0800
Sender: ssm-admin@ietf.org
Errors-To: ssm-admin@ietf.org
X-BeenThere: ssm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=unsubscribe>
List-Id: Source-Specific Multicast <ssm.ietf.org>
List-Post: <mailto:ssm@ietf.org>
List-Help: <mailto:ssm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=subscribe>
> Date: Sat, 8 Mar 2003 16:32:13 +0200 (EET) > From: Pekka Savola <pekkas@netcore.fi> > Cc: ssm@ietf.org, <bkhabs@nc.rr.com> > > > > ==> should one mention again the fact that IPv4 admin scoping is to be done > > > differently for SSM if it is requested? > > > > Sure, we could more or less repeat the text from 4.3 again in the > > Security Considerations, although part of why I didn't mention it > > there is that the Security Considerations section of RFC 2365 (The > > admin-scoping RFC) is very clear that they administrative scoping > > should not be used as a security measure. (Although I think in > > practice people use it that way often enough.) So I'm having a hard > > time figuring out what the message should be on this point. > > > > Perhaps something to the effect of: > > > > Admin-Scoping is not a security measure, but in > > case you are using it as one anyway, remember that SSM doesn't > > have an admin-scoped range. > > > > (obviously not this exact text.) If you have some specific ideas for > > text, that would help. > > Yeah, it is used too much as a rough security mechanism, so I think some > text is would be good. What you say above looks quite good, perhaps like: > > Administrative scoping should not relied upon as a security measure > [ADMIN-SCOPE]; however, in many cases it is at least a part of security > solutions. It should be noted that no administrative scoping exists for > IPv4 source-specific multicast. An alternative approach is to configure > manual access-lists to create such scoping if necessary. This text looks pretty good to me. I will add it to the Security Considerations section, barring any objects. -Hugh _______________________________________________ ssm mailing list ssm@ietf.org https://www1.ietf.org/mailman/listinfo/ssm
- [ssm] another last call for draft-ietf-ssm-arch -… Hugh Holbrook
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: Re: [ssm] another last call for draft-ietf-ss… Hugh Holbrook
- Re: Re: [ssm] another last call for draft-ietf-ss… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: Re: Re: [ssm] another last call for draft-iet… Hugh Holbrook
- [ssm] what to say about scoping for v6 [was ...la… Hugh Holbrook
- [ssm] permanent ipv6 ssm addresses [was ...last c… Hugh Holbrook
- Re: [ssm] permanent ipv6 ssm addresses [was ...la… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: Re: [ssm] permanent ipv6 ssm addresses [was .… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 [was .… Pekka Savola
- Re: Re: [ssm] what to say about scoping for v6 [w… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: Re: [ssm] what to say about scoping for v6 [w… Pekka Savola
- Re: [ssm] what to say about scoping for v6 Hitoshi Asaeda
- Re: Re: Re: [ssm] what to say about scoping for v… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 Pekka Savola
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: [ssm] what to say about scoping for v6 [was .… Pekka Savola
- Re: Re: [ssm] what to say about scoping for v6 [w… Hugh Holbrook
- Re: Re: [ssm] what to say about scoping for v6 [w… Pekka Savola
- Re: Re: [ssm] another last call for draft-ietf-ss… Hugh Holbrook