Re: Security guidelines discussion in the IESG
Sam Hartman <hartmans-ietf-ietf@mit.edu> Tue, 02 May 2006 13:55 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FavLN-0007eR-Mp; Tue, 02 May 2006 09:55:13 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FavH3-0005Sq-3O for wgchairs@ietf.org; Tue, 02 May 2006 09:50:45 -0400
Received: from carter-zimmerman.suchdamage.org ([69.25.196.178] helo=carter-zimmerman.mit.edu) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FavH1-0004rg-Od for wgchairs@ietf.org; Tue, 02 May 2006 09:50:45 -0400
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id 3A81BE0053; Tue, 2 May 2006 09:50:43 -0400 (EDT)
To: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
References: <AAB4B3D3CF0F454F98272CBE187FDE2F0A69477A@is0004avexu1.global.avaya.com>
From: Sam Hartman <hartmans-ietf-ietf@mit.edu>
Date: Tue, 02 May 2006 09:50:43 -0400
In-Reply-To: <AAB4B3D3CF0F454F98272CBE187FDE2F0A69477A@is0004avexu1.global.avaya.com> (Dan Romascanu's message of "Wed, 26 Apr 2006 20:51:45 +0300")
Message-ID: <tsl4q08cz7w.fsf@cz.mit.edu>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
X-Mailman-Approved-At: Tue, 02 May 2006 09:55:12 -0400
Cc: wgchairs@ietf.org, housley@vigilsec.com, bwijnen@lucent.com
Subject: Re: Security guidelines discussion in the IESG
X-BeenThere: wgchairs@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Working Group Chairs <wgchairs.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/wgchairs>, <mailto:wgchairs-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:wgchairs@ietf.org>
List-Help: <mailto:wgchairs-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/wgchairs>, <mailto:wgchairs-request@ietf.org?subject=subscribe>
Errors-To: wgchairs-bounces@ietf.org
>>>>> "Romascanu," == Romascanu, Dan (Dan) <dromasca@avaya.com> writes: >> -----Original Message----- From: Steven M. Bellovin >> [mailto:smb@cs.columbia.edu] Sent: Wednesday, April 26, 2006 >> 4:14 PM To: Romascanu, Dan (Dan) Cc: wgchairs@ietf.org; >> bwijnen@lucent.com; housley@vigilsec.com; hartmans-ietf@mit.edu >> Subject: Re: Security guidelines discussion in the IESG >> >> On Wed, 26 Apr 2006 14:30:50 +0300, "Romascanu, Dan \(Dan\)" >> <dromasca@avaya.com> wrote: >> >> > >> > My instinct is to say that the security area need to issue a >> document > similar to what RFC 4181is for MIB reviewers. The >> security folks seem > to believe that this role is played by >> RFC 3552, and that the security > advisors for specific WGs >> would do the rest. In reality for raqmon > this did not work, >> and maybe other similar cases exist. >> > >> Dan, could you give more detail on what's wrong with 3552? As >> you say, we thought that 3552 was filling that role. >> >> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb >> Romascanu,> There are two problems that we have felt directly in Romascanu,> the case I was involved with: Romascanu,> 1. Just from reading 3552 (and other) it's hard at Romascanu,> least for a non-security person to figure out which Romascanu,> security feature requirements match the protocols to Romascanu,> use. In the RAQMON case, we ended up figuring out that Romascanu,> we didn't need SASL at all, just "mandatory TLS". The Romascanu,> confusion cost us about 5 months already and counting. Romascanu,> Some kind of a guiding document, including a mapping Romascanu,> table or matrix would be extremely useful. Interesting. So, I actually thought that 3552 served its purpose in the raqmon case: the document correctly identified what security threats needed to be addressed. The only problem from my standpoint was that the document stopped at saying that TLS could be used to address the threats (a true statement) but did not go so far as to normatively describe how to do so. So, I think we may want to take a step back here. I wonder if the security community and you have a different idea of what problem 3552 is attempting to solve. I'd argue that 3552 is mostly only trying to help you understand what problems you need to solve. I'd argue that RFC 3631 is intended to tell you about what security technologies are out there, and that the documents defining those technologies need to be responsible for helping you understand how to use those technologies in your application. There's also draft-iab-auth-mech, but according to its author, it is intended more to help designers of security mechanisms than people trying to use mechanisms in their protocol.
- Security guidelines discussion in the IESG Romascanu, Dan (Dan)
- Re: Security guidelines discussion in the IESG Steven M. Bellovin
- RE: Security guidelines discussion in the IESG Romascanu, Dan (Dan)
- RE: Security guidelines discussion in the IESG Pasi.Eronen
- Re: Security guidelines discussion in the IESG Sam Hartman
- Re: Security guidelines discussion in the IESG Eric Rescorla
- RE: Security guidelines discussion in the IESG Drage, Keith (Keith)