Re: [Taps] Éric Vyncke's Discuss on draft-ietf-taps-transport-security-11: (with DISCUSS and COMMENT)

Tommy Pauly <tpauly@apple.com> Mon, 13 April 2020 17:29 UTC

From: Tommy Pauly <tpauly@apple.com>
Date: Mon, 13 Apr 2020 10:29:44 -0700
Cc: "taps-chairs@ietf.org" <taps-chairs@ietf.org>, "draft-ietf-taps-transport-security@ietf.org" <draft-ietf-taps-transport-security@ietf.org>, "int-dir@ietf.org" <int-dir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "taps@ietf.org" <taps@ietf.org>
To: Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/um7hQXvidGBNdAzqnkOWROCIinc>


> On Apr 9, 2020, at 7:58 AM, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
> 
> Hi,
>  
> Eric and I have discussed this and the proposal is a clarifying change to the initial statement in Section 3:
>  
> OLD:
>  
>    This section contains brief descriptions of the various security
>    protocols currently used to protect data being sent over a network.
>  
> NEW: 
>  
>    This section contains brief transport and security descriptions of the various security
>    protocols currently used to protect data being sent over a network.
>  
> The purpose of this change is to clarify that these descriptions are only concerning relevant aspects of transport and security.
>  
> Are the WG and authors ok with the above change? 

That change sounds fine to me, as an author. We’ll incorporate that in our update.

Best,
Tommy
>  
> Cheers
>  
> Magnus
>  
>  
> From: iesg <iesg-bounces@ietf.org> On Behalf Of Kyle Rose
> Sent: den 9 april 2020 16:01
> To: Barry Leiba <barryleiba@computer.org>
> Cc: Eric Vyncke (evyncke) <evyncke=40cisco.com@dmarc.ietf.org>; brian@innovationslab.net; philipp@tiesel.net; Mohit Sethi M <mohit.m.sethi@ericsson.com>; taps-chairs@ietf.org; draft-ietf-taps-transport-security@ietf.org; int-dir@ietf.org; iesg@ietf.org; taps@ietf.org; Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>; caw@heapingbits.net
> Subject: Re: Éric Vyncke's Discuss on draft-ietf-taps-transport-security-11: (with DISCUSS and COMMENT)
>  
> Agreed. This document is not an endorsement of any of the protocols mentioned, merely an analysis from a security perspective. Mentioning IPv6 here would be a non-sequitur.
>  
>  
> On Thu, Apr 9, 2020 at 9:46 AM Barry Leiba <barryleiba@computer.org> wrote:
> I have to agree with Magnus here: I think this is really a stretch.
> 
> Barry
> 
> On Thu, Apr 9, 2020 at 9:40 AM Eric Vyncke (evyncke)
> <evyncke=40cisco.com@dmarc.ietf.org> wrote:
> >
> > Magnus,
> >
> > While my comment is not directed to the core of the document, I believe that when one IETF document refers in the section 3, 'Transport Security Protocol Descriptions', to non-IETF protocols, then in order to avoid any 'IETF blessing' of this protocol, it should clearly state the important protocol limitations when describing this protocol.
> >
> > Regards
> >
> > -éric
> >
> > -----Original Message-----
> > From: iesg <iesg-bounces@ietf.org> on behalf of Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>
> > Date: Thursday, 9 April 2020 at 14:41
> > To: "evyncke=40cisco.com@dmarc.ietf.org" <evyncke=40cisco.com@dmarc.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
> > Cc: "brian@innovationslab.net" <brian@innovationslab.net>, "int-dir@ietf.org" <int-dir@ietf.org>, Mohit Sethi M <mohit.m.sethi@ericsson.com>, "taps-chairs@ietf.org" <taps-chairs@ietf.org>, "draft-ietf-taps-transport-security@ietf.org" <draft-ietf-taps-transport-security@ietf.org>, "philipp@tiesel.net" <philipp@tiesel.net>, "caw@heapingbits.net" <caw@heapingbits.net>, "taps@ietf.org" <taps@ietf.org>
> > Subject: RE: Éric Vyncke's Discuss on draft-ietf-taps-transport-security-11: (with DISCUSS and COMMENT)
> >
> >     >
> >     > A simple mention of the lack of IPv6 in section 3 of the description would be
> >     > more than enough for me.
> >
> >     Yes, but why do you consider that relevant for this document?
> >
> >     Cheers
> >
> >     Magnus