Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?
RJ Atkinson <rja@extremenetworks.com> Mon, 28 January 2008 13:52 UTC
Return-path: <tsvwg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JJUPA-0001tu-3Y; Mon, 28 Jan 2008 08:52:08 -0500
Received: from tsvwg by megatron.ietf.org with local (Exim 4.43) id 1JJUP8-0001tl-Ci for tsvwg-confirm+ok@megatron.ietf.org; Mon, 28 Jan 2008 08:52:06 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JJUP8-0001td-1d for tsvwg@ietf.org; Mon, 28 Jan 2008 08:52:06 -0500
Received: from eastrmmtao104.cox.net ([68.230.240.46]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JJUP7-0004Jy-Jj for tsvwg@ietf.org; Mon, 28 Jan 2008 08:52:05 -0500
Received: from eastrmimpo03.cox.net ([68.1.16.126]) by eastrmmtao104.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20080128135205.NPAK23675.eastrmmtao104.cox.net@eastrmimpo03.cox.net>; Mon, 28 Jan 2008 08:52:05 -0500
Received: from [10.30.20.71] ([68.10.117.240]) by eastrmimpo03.cox.net with bizsmtp id idal1Y0075BGrj00000000; Mon, 28 Jan 2008 08:34:45 -0500
From: RJ Atkinson <rja@extremenetworks.com>
To: Lars Eggert <lars.eggert@nokia.com>
In-Reply-To: <A268781D-F81A-48B3-8042-1892AC93B749@nokia.com>
Subject: Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?
References: <47974BDB.70406@ericsson.com> <CD8D57B6-EB94-4DCE-A42A-02BC5F573A13@nokia.com> <7A1BB0E8-5EFB-4341-918A-F841DB1B57FF@cisco.com> <A268781D-F81A-48B3-8042-1892AC93B749@nokia.com>
Message-Id: <8AA98C84-639F-4AF0-AECC-582098981156@extremenetworks.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v915)
Date: Mon, 28 Jan 2008 08:52:03 -0500
X-Mailer: Apple Mail (2.915)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1
Cc: Randall Atkinson <rja@extremenetworks.com>, ext Magnus Westerlund <magnus.westerlund@ericsson.com>, Brian Weis <bew@cisco.com>, tsvwg list IETF <tsvwg@ietf.org>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
Errors-To: tsvwg-bounces@ietf.org
On 28 Jan 2008, at 05:26, Lars Eggert wrote: > For which current work item in TSVWG would group keying be useful, > or rather, required? A need for a new solution needs to come from an > application that requires group keying. As far as I know, no such > application is being worked on in TSVWG. Group keying for RSVP is needed for EVERY existing and planned deployment of RSVP. Deploying RSVP without authentication is operationally extremely risky and vulnerable -- and always has been. So I'd say that *every* application needs it. > So this argues for extracting the repeated argument into an > individual draft, so it can be referenced instead of needing > to be duplicated. But it does not motivate the need for a new > solution. I would prefer that the IETF not play Ostrich (a desert bird that when attacked sticks its head under the sand rather than fleeing the attacker). Simply documenting that any use of RSVP is a huge security risk seems insufficient when practical approaches to reducing that risk appear to exist. RSVP is completely insecure at present. We do NOT have any solution for key management of RSVP. Now, we do have an opportunity here to significantly reduce the security risks of using RSVP by enabling a first practical approach to RSVP key management to be created. That alone ought to be plenty of motivation. Yours, Ran rja@extremenetworks.com
- [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-secur… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Kantawala, Anshul
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Melinda Shore
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… hannes.tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Melinda Shore
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… RJ Atkinson
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Brian Weis
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Kantawala, Anshul
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Brian Weis
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… ken carlberg
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund