Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?

RJ Atkinson <rja@extremenetworks.com> Mon, 28 January 2008 13:52 UTC

From: RJ Atkinson <rja@extremenetworks.com>
To: Lars Eggert <lars.eggert@nokia.com>
Subject: Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?
Date: Mon, 28 Jan 2008 08:52:03 -0500
Cc: Randall Atkinson <rja@extremenetworks.com>, ext Magnus Westerlund <magnus.westerlund@ericsson.com>, Brian Weis <bew@cisco.com>, tsvwg list IETF <tsvwg@ietf.org>

On 28 Jan 2008, at 05:26, Lars Eggert wrote:
> For which current work item in TSVWG would group keying be useful,  
> or rather, required? A need for a new solution needs to come from an  
> application that requires group keying. As far as I know, no such  
> application is being worked on in TSVWG.

Group keying for RSVP is needed for EVERY existing and planned
deployment of RSVP.  Deploying RSVP without authentication is
operationally extremely risky and vulnerable -- and always has been.

So I'd say that *every* application needs it.

> So this argues for extracting the repeated argument into an
> individual draft, so it can be referenced instead of needing
> to be duplicated. But it does not motivate the need for a new
> solution.

I would prefer that the IETF not play Ostrich (a desert bird
that when attacked sticks its head under the sand rather
than fleeing the attacker).  Simply documenting that any use
of RSVP is a huge security risk seems insufficient when
practical approaches to reducing that risk appear to exist.

RSVP is completely insecure at present.  We do NOT have any
solution for key management of RSVP.  Now, we do have an
opportunity here to significantly reduce the security risks
of using RSVP by enabling a first practical approach to RSVP
key management to be created.

That alone ought to be plenty of motivation.

Yours,

Ran
rja@extremenetworks.com