Re: [tcmtf] Other potential specific uses of TCM-TF
"Jose Saldana" <jsaldana@unizar.es> Mon, 24 June 2013 07:44 UTC
Return-Path: <jsaldana@unizar.es>
X-Original-To: tcmtf@ietfa.amsl.com
Delivered-To: tcmtf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id F25A021E80CA for <tcmtf@ietfa.amsl.com>;
Mon, 24 Jun 2013 00:44:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.36
X-Spam-Level:
X-Spam-Status: No, score=-6.36 tagged_above=-999 required=5 tests=[AWL=-0.062,
BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3,
RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PU4LmwkOWZ9D for
<tcmtf@ietfa.amsl.com>; Mon, 24 Jun 2013 00:44:26 -0700 (PDT)
Received: from huecha.unizar.es (huecha.unizar.es [155.210.1.51]) by
ietfa.amsl.com (Postfix) with ESMTP id B73D521F9D7D for <tcmtf@ietf.org>;
Mon, 24 Jun 2013 00:44:22 -0700 (PDT)
Received: from usuarioPC (gtc1pc12.cps.unizar.es [155.210.158.17]) by
huecha.unizar.es (8.13.8/8.13.8/Debian-3) with ESMTP id r5O7iFFR007033;
Mon, 24 Jun 2013 09:44:15 +0200
From: "Jose Saldana" <jsaldana@unizar.es>
To: "'Diego R. Lopez'" <diego@tid.es>,
"=?iso-8859-1?Q?'Juli=E1n_Fern=E1ndez-Navajas'?=" <navajas@unizar.es>
References: <002801ce6cf9$500feac0$f02fc040$@unizar.es> <E6D8B95470ED0845B3376F61DCAB1A049CCE874D@EX10-MB2-MAD.hi.inet> <005501ce6cfc$eb6e5d00$c24b1700$@unizar.es> <51C2B780.5000302@unizar.es>
<E6D8B95470ED0845B3376F61DCAB1A049CCEE78E@EX10-MB2-MAD.hi.inet>
In-Reply-To: <E6D8B95470ED0845B3376F61DCAB1A049CCEE78E@EX10-MB2-MAD.hi.inet>
Date: Mon, 24 Jun 2013 09:44:17 +0200
Organization: Universidad de Zaragoza
Message-ID: <00bc01ce70ae$a35d6370$ea182a50$@unizar.es>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00BD_01CE70BF.66E63370"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGRblH9Zk4V+XD8Q7oln4gH4yvd3wHAKZFaAiNmO5QCxDuZPwISYHSBmXiuoXA=
Content-Language: es
X-Mail-Scanned: Criba 2.0 + Clamd & Bogofilter
Cc: tcmtf@ietf.org
Subject: Re: [tcmtf] Other potential specific uses of TCM-TF
X-BeenThere: tcmtf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: jsaldana@unizar.es
List-Id: "Tunneling Compressed Multiplexed Traffic Flows \(TCMTF\) discussion
list" <tcmtf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcmtf>,
<mailto:tcmtf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcmtf>
List-Post: <mailto:tcmtf@ietf.org>
List-Help: <mailto:tcmtf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcmtf>,
<mailto:tcmtf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2013 07:44:35 -0000
Regarding security, we have identified at least one scenario with security issues: - We have N flows which are traveling through a dangerous network segment (e.g. the public Internet). - Instead of adding security to each flow (e.g. using IPSec for each flow), can we multiplex them and use a single security tunnel instead of N security tunnels. - It would save bandwidth, since it would avoid N-1 additional security headers. 1 2 ---->TCM-ingress ------> non secure network segment ----------> TCM-egress ----> flows rebuilt to their native forms N The questions are: Does this scenario exist? i.e. a number of flows traveling through a dangerous network segment. (perhaps a tunnel between appliances connecting remote offices of a company) Would this be valid for IPSec in tunnel mode? I would avoid N-1 tunnel headers. Would this be valid for IPSec in transport mode? I would avoid N-1 times the Authentication header or the Encapsulation Security Header. Which would be the best way for adding security to TCM?. Perhaps IPSec added to the tunneling header would be the most straightforward solution. Jose De: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] En nombre de Diego R. Lopez Enviado el: domingo, 23 de junio de 2013 17:39 Para: Julián Fernández-Navajas CC: <tcmtf@ietf.org> Asunto: Re: [tcmtf] Other potential specific uses of TCM-TF Hi Julian, I definitely think you have a point here. We can consider different security contexts for different tunnels, according to some policy agreed by both end-points at a given tunnel. The security contexts would define encryption, authentication, or both. We'd have to go into more detail to evaluate potential savings, but I have the feeling they could be worth considering. The point is that if we go for these different security contexts, we must consider how they can be established by mutual authentication of the tunnel end-points, and this opens additional issues regarding configuration and crypto material exchange, as well as the possibility of user-initiated authentication by means of protocols like OAuth. I'd keep this in the list of the "soon-to-open" issues, focusing on the three main docs we have been discussing so far. Be goode, On 20 Jun 2013, at 10:04 , Julián Fernández-Navajas wrote: Hi all, I like to add a potencial new idea which could be addressed by re-chartering. What about the security on the tunnel?. It is possible to add security to TCMTF because it is inherent in the tunnels. And not only consider encryption, but also the digital signature which represents much loss of efficiency in the case of small packages. Someone have more knowledge about this issue? Julián El 19/06/2013 16:54, Jose Saldana escribió: which could be addressed by re-chartering _______________________________________________ tcmtf mailing list tcmtf@ietf.org https://www.ietf.org/mailman/listinfo/tcmtf -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: diego@tid.es Tel: +34 913 129 041 Mobile: +34 682 051 091 ----------------------------------------- _____ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx
- [tcmtf] Other potential specific uses of TCM-TF Jose Saldana
- Re: [tcmtf] Other potential specific uses of TCM-… Diego R. Lopez
- Re: [tcmtf] Other potential specific uses of TCM-… Jose Saldana
- Re: [tcmtf] Other potential specific uses of TCM-… Julián Fernández-Navajas
- [tcmtf] TCMTF BOF approved for IETF-87 in Berlon Martin Stiemerling
- Re: [tcmtf] TCMTF BOF approved for IETF-87 in Ber… Jose Saldana
- Re: [tcmtf] Other potential specific uses of TCM-… Diego R. Lopez
- Re: [tcmtf] Other potential specific uses of TCM-… Jose Saldana