Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Wed, 30 January 2008 07:12 UTC
Return-path: <tsvwg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JK77Q-0001Di-0X; Wed, 30 Jan 2008 02:12:24 -0500
Received: from tsvwg by megatron.ietf.org with local (Exim 4.43) id 1JK77O-0001Bu-Hv for tsvwg-confirm+ok@megatron.ietf.org; Wed, 30 Jan 2008 02:12:22 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JK77N-0001Au-SO for tsvwg@ietf.org; Wed, 30 Jan 2008 02:12:21 -0500
Received: from mail.gmx.net ([213.165.64.20]) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1JK77M-0001a6-NF for tsvwg@ietf.org; Wed, 30 Jan 2008 02:12:21 -0500
Received: (qmail invoked by alias); 30 Jan 2008 07:12:19 -0000
Received: from proxy4-nsn.nsn-inter.net (EHLO [217.115.75.232]) [217.115.75.232] by mail.gmx.net (mp041) with SMTP; 30 Jan 2008 08:12:19 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+1QElyjhW1pEuo8FOr3xIWfDhjWFIS6NgA6op0F9 1PWf8pmSq7Va9R
Message-ID: <47A02356.4030403@gmx.net>
Date: Wed, 30 Jan 2008 09:12:22 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: "Kantawala, Anshul" <anshul.kantawala@lmco.com>
Subject: Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?
References: <47974BDB.70406@ericsson.com> <CD8D57B6-EB94-4DCE-A42A-02BC5F573A13@nokia.com> <7A1BB0E8-5EFB-4341-918A-F841DB1B57FF@cisco.com> <A268781D-F81A-48B3-8042-1892AC93B749@nokia.com> <A55DB203FF9BCF478586DB235086386415A872AE@emss09m03.us.lmco.com>
In-Reply-To: <A55DB203FF9BCF478586DB235086386415A872AE@emss09m03.us.lmco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ff9c467ad7f19c2a6d058acd7faaec8
Cc: tsvwg list IETF <tsvwg@ietf.org>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
Errors-To: tsvwg-bounces@ietf.org
Hi Anshul, Kantawala, Anshul wrote: > Lars, > My comment about the usefulness of having a single IETF document that > covers all aspects of RSVP security (authentication and encryption) was > made at the Vancouver IETF meeting (name mistakenly put in as "Andrew" > in the meeting minutes: "*Andrew - interested in RSVP authentication and > RSVP over IPsec, and thinks this work should progress"). > draft-behringer-tsvwg-rsvp-security-groupkeying is certainly not the document that covers all aspects of RSVP security. > A big stumbling block we have encountered in trying to propose RSVP > signaling as a solution for government and other corporate > secure/sensitive networks is RSVP security. Having an IETF document > covering RSVP security not only helps in handling such concerns, it will > also aid in focused development of security solutions for RSVP. > Have you ever read RFC 4230? Please tell me more about corporate networks using RSVP todo QoS. I would like to met that company that deploys RSVP to dynamically signal QoS in their network. Btw, when you make use of QoS mechanisms in a network then you automatically introduce more security vulnerabilities. > Thus, I reiterate my support in making this a WG document. > > Ciao Hannes > Regards, > Anshul > > -----Original Message----- > From: Lars Eggert [mailto:lars.eggert@nokia.com] > Sent: Monday, January 28, 2008 5:26 AM > To: ext Francois Le Faucheur IMAP > Cc: ext Magnus Westerlund; RJ Atkinson; Brian Weis; tsvwg list IETF > Subject: Re: [Tsvwg] Adopting > draft-behringer-tsvwg-rsvp-security-groupkeying as WG item? > > Hi, > > On 2008-1-28, at 11:59, ext Francois Le Faucheur IMAP wrote: > >> On 24 Jan 2008, at 18:04, Lars Eggert wrote: >> >> >>> (individual hat on) >>> >>> I'm not convinced that this document needs to be a TSVWG document. >>> It's an Informational document that surveys group keying options >>> for RSVP, and as such could be published directly through the RFC >>> Editor. >>> >> I am not aware of any solution currently available from the IETF to >> actually deploy such distribution of group keys for RSVP. >> This could, for example, be easily achieved with small extensions to >> GDOI (draft-weis-gdoi-for-rsvp), but a solution will only be defined >> in IETF (e.g. by MSEC) if the corresponding need is established by >> the TSVWG. >> > > based on the discussions in Vancouver, I thought the goal of this > document was to survey the options for group keying for RSVP. I don't > see how such a survey would motivate the need for any sort of solution > work. Meaning that even if this survey finds that none of the existing > options are always satisfactory, that's a finding that to me still > doesn't immediately motivate the need to develop any new solution. New > protocol work should be motivated by an application requiring it. > > >> So, my recommendation is that TSVWG decides whether group keying is >> useful for RSVP security or not, and if yes documents this decision. >> Making draft-behringer-tsvwg-.. a WG document seems a natural way to >> achieve this. >> This is one reason why I feel draft-behringer-tsvwg should be >> considered for WG document. >> > > For which current work item in TSVWG would group keying be useful, or > rather, required? A need for a new solution needs to come from an > application that requires group keying. As far as I know, no such > application is being worked on in TSVWG. > > >> (I certainly feel that a group keying solution for RSVP would be >> very useful. If some people feel that group keying for RSVP is not >> useful, it would be interesting to know why and how the problems >> solved by group keying can be addressed differently.) >> > > Lots of things are useful - what application requires group keying for > RSVP that goes beyond what we currently have? I'd like to understand > where the motivation comes from. > > >> Another practical reason is that the issue of group keying methods >> for RSVP gets raised by Security experts every time there is a new >> RSVP-related document going to IESG Last Call. See, for example, the >> thread with Ran Atkinson from Dec 2006 and titled "Re: [Tsvwg] Re: >> IETF LC comments on draft-ietf-tsvwg-rsvp-ipsec". >> Effectively, on request from Security experts in order to make sure >> the security aspects are covered appropriately, we end up re- >> discussing the applicability of existing keying methods + >> applicability of potential future group keying methods in the >> "Security Considerations" section of every RSVP-related document >> (see RFC4860, draft-ietf-tsvwg-emergency-rsvp). It is important that >> applicability/Pros&cons of various keying methods for RSVP be >> documented by TSVWG once for all. This discussion should reflect the >> view of the WG since it affects RSVP security across all RSVP- >> related documents. >> > > So this argues for extracting the repeated argument into an individual > draft, so it can be referenced instead of needing to be duplicated. > But it does not motivate the need for a new solution. > > >> Also, draft-behringer-tsvwg proposes to document applicability of >> keying methods to IPsec protection of RSVP (as opposed to just RSVP >> authentication). We are not aware of an IETF document where this is >> well addressed and feel this would be useful (and has been requested >> by a few people e.g. Anshul from LMCO). >> > > > Can you point me at Anhul's email, please? I couldn't dig it up locally. > > Thanks, > Lars > > > >
- [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-secur… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Kantawala, Anshul
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Melinda Shore
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… hannes.tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Melinda Shore
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… RJ Atkinson
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Brian Weis
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Kantawala, Anshul
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Brian Weis
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… ken carlberg
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund