Transcribed slides from TSIG plenary
Mark Christenson <mgc@pecan.cray.com> Mon, 28 September 1992 17:44 UTC
Message-Id: <9209281657.AA04188@pecan.cray.com>
To: tsig@wdl1.wdl.loral.com
Subject: Transcribed slides from TSIG plenary
Date: Mon, 28 Sep 1992 11:57:09 -0500
From: Mark Christenson <mgc@pecan.cray.com>
Sender: tsig-request@wdl1.wdl.loral.com
==================================================================
>>> Submissions to the tsig list: tsig@wdl1.wdl.loral.com
>>> Additions/deletions/questions: tsig-request@wdl1.wdl.loral.com
>>> Archive Server: listserv@wdl1.wdl.loral.com
==================================================================

Trusted Sessions

Future work:
    Help other groups use TSESS
    Move existing applications to TSESS (rsh, telnet, SNMP, ...)
    Application development guide?
    Understanding and disseminating privilege mapping.
    Token mapping service
    Multicast issues: token authentication
    TSIG security architecture framework
    TSESS MIBs - Admin input
    DNSIX 4.0 profile
    Instrumentation

Trusted Sessions and IETF:
    Trusted Sessions will not pursue becoming an IETF working group.
    Would like official TSIG registry location in which to place
    finalized documents.
    Interested in placing final documents into IETF as Prototype RFC's,
    but want to know the process before committing.

Research Plan:
    Merge DNSIX 3.0 and CMDS with TREES to obtain DNSIX 4.0

DNSIX 4.0 Possibilities:
    From v2.1 we get:
        - Sensitivity labeling in the IP header
        - Session management
        - Audit formats
    v3.0 adds:
        - Token mapping
        - Attribute modulation
        - API
    v4.0 research topics:
        - XTI based API
        - System & user authentication
        - Privacy and/or integrity options on labels and data
        - Better label range controls
        - Broadcast/multicast support on tokens
        - Authenticated token resolution
        - CIPSO migration
        - MIB definitions

Trusted Admin

AITP/SMP Controversy -- Near Term
    * Offer AITP spec as a way to minimally address audit data transfer
      for a particular set of customers (the DODIIS community)
    * This would be a TSIG spec
    * Meets immediate needs

Longer term - audit data transfer
    * SNMP2 seems to take care of shortcomings with SNMP for audit
      data transfer

IETF TSADMIN Relationship:
    * TSADMIN - spin off working groups as issues become more focussed
        - Audit MIB(s)
        - Host MIB
        - USER MIB
    * TSADMIN - build & extend work that is already being done
        - 1003.6 POSIX Current Drafts for:
            - User context
            - auditing
        - Host MIB in RFC
        - ISO Docs 8824 (ASN.1) and 8825
        - Simple Book and Open Book by Marshall Rose
        - RFC 1212 - Reference for a Concise MIB
        - RFC 1351 - SNMP Administrative Model
        - RFC 1352 - SNMP Security Protocols
        - RFC 1353 - Definitions for Managed Objects for SNMP
        - RFC 1155 - SNMP over TCP (obsoletes RFC 1065)

Homework:
    * Posix 1003.6 - Wally Ramsey and Lee Benzinger
    * Host MIB - Jeff Edelheit
    * Simple Book - All
    * ASN.1 - Kent Landfield and Jeff Walker
    * Docs - Joe Thompson, Vern McGeorge, Jim Hurley, Lee Benzinger
      and ??
    * MIB Compiler - Kent Landfield
    * Document AITP/SNMP2 concerns - Nina Lewis

Issue: TSADMIN needs vendor participation
    Example: Privilege sets and semantics are different for
             different CMWs
    Request: Vendor documentation for system admin TFM docs

Issue: TSADMIN needs customer participation

DNSIX 3.0 updates

Talk Next Time: Jeff Walker - "A Normalized Format for Audit Data"

CIPSO

1. Interoperability test
   Cray, DEC, HP, SecureWare, SFI, AT&T
   Results: Fantastic!
    a. All systems communicated at minimum req. level
2. TSIG CIPSO has met its goals and no longer needs to meet
    a. standard process will continue with the "IETF" CIPSO
       working group
    b. we will publish a final spec by 12/1/92 as:
        - proposed std RFC
        - Prototype RFC
        - TSIG doc (if there is a registration facility)
3. vote on 2.2 -- passed

(Now, as an) IETF CIPSO working group

1. implement IETF requirements to make proposed standard -- passed
2. meet DoD requests
   Moving level to header has no technical merit and thus we
   can not support this request. 9/0
3. IETF requirements for CIPSO
    a. better defined input/output handling rules
    b. require registration of DOI specific tag types
        - policy, format, handling procedures
    c. consider DoD needs
    d. work on MIB
4. DoD requirements for CIPSO
    a. move sensitivity level to CIPSO header
    b. Add a release marking tag type
    c. Add processing procedure for Input/Output of tags

    1 - is it technically sound to move?   no - 5, yes - 0
    2 - will we implement it anyway?       no - 5, yes - 0