Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?
Brian Weis <bew@cisco.com> Tue, 29 January 2008 17:25 UTC
Return-path: <tsvwg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JJuDf-00040s-7y; Tue, 29 Jan 2008 12:25:59 -0500
Received: from tsvwg by megatron.ietf.org with local (Exim 4.43) id 1JJuDe-00040k-SV for tsvwg-confirm+ok@megatron.ietf.org; Tue, 29 Jan 2008 12:25:58 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JJuDe-00040R-GB for tsvwg@ietf.org; Tue, 29 Jan 2008 12:25:58 -0500
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JJuDe-0000st-1A for tsvwg@ietf.org; Tue, 29 Jan 2008 12:25:58 -0500
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-2.cisco.com with ESMTP; 29 Jan 2008 09:25:57 -0800
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id m0THPvWx032273; Tue, 29 Jan 2008 09:25:57 -0800
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id m0THPaAt013816; Tue, 29 Jan 2008 17:25:48 GMT
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 29 Jan 2008 09:25:42 -0800
Received: from [10.32.244.210] ([10.32.244.210]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 29 Jan 2008 09:25:41 -0800
In-Reply-To: <E119D886-0838-4323-ABD7-0C8CCAE5C7A3@nokia.com>
References: <47974BDB.70406@ericsson.com> <CD8D57B6-EB94-4DCE-A42A-02BC5F573A13@nokia.com> <7A1BB0E8-5EFB-4341-918A-F841DB1B57FF@cisco.com> <A268781D-F81A-48B3-8042-1892AC93B749@nokia.com> <E603EB77-B600-4A73-9217-EB797A5D7AAB@cisco.com> <E119D886-0838-4323-ABD7-0C8CCAE5C7A3@nokia.com>
Mime-Version: 1.0 (Apple Message framework v753)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <D2813B59-D4EA-474C-AC31-FF6B86BF8294@cisco.com>
Content-Transfer-Encoding: 7bit
From: Brian Weis <bew@cisco.com>
Subject: Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?
Date: Tue, 29 Jan 2008 09:25:46 -0800
To: Lars Eggert <lars.eggert@nokia.com>
X-Mailer: Apple Mail (2.753)
X-OriginalArrivalTime: 29 Jan 2008 17:25:41.0561 (UTC) FILETIME=[F8EA3290:01C8629B]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2292; t=1201627557; x=1202491557; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=bew@cisco.com; z=From:=20Brian=20Weis=20<bew@cisco.com> |Subject:=20Re=3A=20[Tsvwg]=20Adopting=20draft-behringer-ts vwg-rsvp-security-groupkeying=20as=20WG=20item? |Sender:=20; bh=KCo30+TAH434SXUOnJdrAP/JixCCOtX59+ytoXjQ7K4=; b=GgJXwRvceaCIuJUD/tS8gE5GkZHsLZHeK4QKamWt9377JZrKoZvfVPxPk0 c26EEsatnAfgcjzaWOagotU0WDTkDs9ij24GZjXqFWgIkvHOXYh74edGTsvJ yXr1OrSIcU;
Authentication-Results: sj-dkim-3; header.From=bew@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Cc: ext Magnus Westerlund <magnus.westerlund@ericsson.com>, RJ Atkinson <rja@extremenetworks.com>, tsvwg list IETF <tsvwg@ietf.org>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
Errors-To: tsvwg-bounces@ietf.org
Hi Lars, On Jan 29, 2008, at 2:05 AM, Lars Eggert wrote: > Hi, Brian, > > On 2008-1-28, at 19:58, ext Brian Weis wrote: >> Calling draft-behringer-tsvwg a "survey" of "group keying for >> RSVP" isn't an entirely accurate statement. It's a much more >> fundamental description of RSVP security: it documents the RSVP >> trust model (perhaps for the first time), and from there it >> describes the appropriate uses for RSVP keys that should be used >> within different network topologies, as well as provisioning >> methods for those keys. Although these topics don't motivate new >> TSVWG protocol development, taking ownership of these RSVP >> security fundamentals is important for TSVWG. I believe that is a >> good rationale for accepting draft-behringer-tsvwg as a WG item. > > I agree with you, and I said during the Vancouver meeting that I'd > see such an Informational document in scope for TSVWG. > > However, I'm now hesitating, because I've heard the argument being > made (both in Vancouver during SAAG and in the recent email by > Francois) that the acceptance of draft-behringer-tsvwg-rsvp- > security-groupkeying as a TSVWG work item would establish a need to > work on a solution in MSEC (based on draft-weis-gdoi-for-rsvp). I > don't agree with this argument. At best, the document would > identify a hole in the solution space, and if MSEC wants to fill > that, I'd need to find its own motivation for doing so. I certainly agree that the action of TSVWG accepting draft-behringer- tsvwg-rsvp-security-groupkeying as a WG document can't dictate any particular action to MSEC. But such a TWVWG document describing a group security model for RSVP does provide MSEC with the basis for considering protocol work that increases the overall level of security when group keys are used. On the other hand, rejecting it sends a message to MSEC that the use of group security isn't particularly valuable for RSVP and so there isn't much point in doing addition protocol work to make the group security model more secure. Thanks, Brian > Lars -- Brian Weis Advanced Security Development, Security Technology Group, Cisco Systems Telephone: +1 408 526 4796 Email: bew@cisco.com
- [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-secur… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Kantawala, Anshul
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Melinda Shore
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… hannes.tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Melinda Shore
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… RJ Atkinson
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… RJ Atkinson
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… RJ Atkinson
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: AW: [Tsvwg] Adopting draft-behringer-tsvwg-rs… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Brian Weis
- RE: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Kantawala, Anshul
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Brian Weis
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… ken carlberg
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- AW: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Hannes Tschofenig
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Lars Eggert
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Francois Le Faucheur IMAP
- Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-s… Magnus Westerlund