RE: [TLS] Please discuss: draft-housley-evidence-extns-00 (resend)
"Kemp, David P." <DPKemp@missi.ncsc.mil> Thu, 21 December 2006 19:08 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxTH7-0005wX-T3; Thu, 21 Dec 2006 14:08:17 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxTH6-0005wK-I9 for tls@ietf.org; Thu, 21 Dec 2006 14:08:16 -0500
Received: from stingray.missi.ncsc.mil ([144.51.50.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GxTH4-0006wV-IX for tls@ietf.org; Thu, 21 Dec 2006 14:08:16 -0500
Received: from Cerberus.missi.ncsc.mil (cerberus.missi.ncsc.mil [144.51.51.8]) by stingray.missi.ncsc.mil with SMTP id kBLJ890d018285 for <tls@ietf.org>; Thu, 21 Dec 2006 14:08:10 -0500 (EST)
Received: from 144.51.60.34 by Cerberus.missi.ncsc.mil (InterScan VirusWall 6); Thu, 21 Dec 2006 14:08:16 -0500
Received: from EXCH.missi.ncsc.mil ([144.51.60.19]) by gto.missi.ncsc.mil with Microsoft SMTPSVC(5.0.2195.6713); Thu, 21 Dec 2006 14:08:16 -0500
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPartTM-000-eb140c65-9c9b-426c-9056-f90607080543"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: RE: [TLS] Please discuss: draft-housley-evidence-extns-00 (resend)
Date: Thu, 21 Dec 2006 14:08:15 -0500
Message-ID: <FA998122A677CF4390C1E291BFCF5989063FF5FE@EXCH.missi.ncsc.mil>
In-Reply-To: <BAY103-W1A6E26ECEF2603E51C0AE92CE0@phx.gbl>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Please discuss: draft-housley-evidence-extns-00 (resend)
Thread-Index: AcclH+b/dwiACRgFTxumJ0qUzghXFwAA4seg
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: tls@ietf.org
X-OriginalArrivalTime: 21 Dec 2006 19:08:16.0041 (UTC) FILETIME=[5E625190:01C72533]
X-TM-AS-Product-Ver: : ISVW-6.0.0.1396-3.6.0.1039-14888000
X-TM-AS-Result: : Yes--25.466500-0-31-1
X-TM-AS-Category-Info: : 31:0.000000
X-TM-AS-MatchedID: : 147015-150567-700167-709069-700190-701651-710283-701384-701110-703643-701238-701102-711293-703103-121530-703212-702776-702819-704015-121371-710087-711520-710946-710363-700754-700677-702527-121600-706740-701883-700835-710251-700793-704790-710058-701710-701002-711789-710083-701034-708075-702858-711238-710015-701527-710072-704213-700188-700151-702033-700679-700317-188019-139621-139006-703887-139010-187067-703674-139704-702403-700874-702911-111604-188119-701424-700962-708502-700028-700003-702405-703358-188118-710300-702621-705627-188114-188038-701709-700062-709981-700432-701378-702768-701617-701692-707907-700799-700041-702601-190642-190642-190642-190642-190642-148050-20024-20040
X-Spam-Score: 0.1 (/)
X-Scan-Signature: e9d8c60d9288f2c774f26bab15869505
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Be that as it may, the question in my mind remains: why? The first three times I read the SBIR proposal and its references to "a router that can securely enable granular cross-domain messaging" I interpreted "router" in its IETF sense - a layer 3 device that routes IP packets. But such a device would have no access to information protected at layer 3 (IPSec), layer 4 (TLS), or above, and thus would provide no motivation for TLS Authorizations within data plane (RSS producer to RSS consumer) sessions. The abstract also does not appear to discuss management plane (management station to router) traffic, so the only possibility left is control plane (router to router) traffic for which the routers act as TLS endpoints. But a combined IP router / RSS proxy-cross-domain-guard makes about as much sense as a combined IP router / message transfer agent (MTA) for SMTP, so it becomes apparent that the "router" is not a layer 3 device, it must be an application-layer process that routes RSS messages, and thus does not control the flow of IP packets to effect TNI-style network partitioning. Before accepting the SBIR proposal as justification for a new TLS work item (which may well be justified for different reasons), it would be helpful to understand what a MILS platform with TLS Evidence brings to the table that couldn't be more easily accomplished using the same MILS platform with unmodified TLS: passing RSS summaries signed with CMS or xml-dsig through a standard TLS or TCP-only data stream. Dave _____ From: Peter Williams [mailto:home_pw@msn.com] Marc's research is, in Peter's analysis, founded on NCSC Red Book doctrine ... <...> -----Original Message----- From: Mark Brown [mailto:mark@redphonesecurity.com] > I am working on a router project > that uses TLS Evidence and Authorizations at the TLS level only: > > http://www.navysbir.com/06_1/215.htm
_______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- RE: [TLS] Please discuss: draft-housley-evidence-… Peter Williams
- RE: [TLS] Please discuss: draft-housley-evidence-… Ari Medvinsky
- RE: [TLS] Please discuss: draft-housley-evidence-… Peter Williams
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- RE: [TLS] Please discuss: draft-housley-evidence-… Peter Williams
- RE: [TLS] Please discuss: draft-housley-evidence-… Kemp, David P.