Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?

Brian Weis <bew@cisco.com> Tue, 29 January 2008 17:25 UTC

From: Brian Weis <bew@cisco.com>
Subject: Re: [Tsvwg] Adopting draft-behringer-tsvwg-rsvp-security-groupkeying as WG item?
Date: Tue, 29 Jan 2008 09:25:46 -0800
To: Lars Eggert <lars.eggert@nokia.com>
Cc: ext Magnus Westerlund <magnus.westerlund@ericsson.com>, RJ Atkinson <rja@extremenetworks.com>, tsvwg list IETF <tsvwg@ietf.org>

Hi Lars,

On Jan 29, 2008, at 2:05 AM, Lars Eggert wrote:

> Hi, Brian,
>
> On 2008-1-28, at 19:58, ext Brian Weis wrote:
>> Calling draft-behringer-tsvwg a "survey" of "group keying for  
>> RSVP" isn't an entirely accurate statement. It's a much more  
>> fundamental description of RSVP security: it documents the RSVP  
>> trust model (perhaps for the first time), and from there it  
>> describes the appropriate uses for RSVP keys that should be used  
>> within different network topologies, as well as provisioning  
>> methods for those keys. Although these topics don't motivate new  
>> TSVWG protocol development, taking ownership of these RSVP  
>> security fundamentals is important for TSVWG. I believe that is a  
>> good rationale for accepting draft-behringer-tsvwg as a WG item.
>
> I agree with you, and I said during the Vancouver meeting that I'd  
> see such an Informational document in scope for TSVWG.
>
> However, I'm now hesitating, because I've heard the argument being  
> made (both in Vancouver during SAAG and in the recent email by  
> Francois) that the acceptance of  
> draft-behringer-tsvwg-rsvp-security-groupkeying as a TSVWG work item would establish a need to  
> work on a solution in MSEC (based on draft-weis-gdoi-for-rsvp). I  
> don't agree with this argument. At best, the document would  
> identify a hole in the solution space, and if MSEC wants to fill  
> that, I'd need to find its own motivation for doing so.

I certainly agree that the action of TSVWG accepting  
draft-behringer-tsvwg-rsvp-security-groupkeying as a WG document can't dictate any  
particular action to MSEC. But such a TSVWG document describing a  
group security model for RSVP does provide MSEC with the basis for  
considering protocol work that increases the overall level of  
security when group keys are used.

On the other hand, rejecting it sends a message to MSEC that the use  
of group security isn't particularly valuable for RSVP and so there  
isn't much point in doing additional protocol work to make the group  
security model more secure.

Thanks,
Brian

> Lars

-- 
Brian Weis
Advanced Security Development, Security Technology Group, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com