Re: IETF Last Call on Walled Garden Standard for the Internet

Bernard Aboba <aboba@internaut.com> Thu, 13 March 2008 22:19 UTC

Date: Thu, 13 Mar 2008 15:17:01 -0700
From: Bernard Aboba <aboba@internaut.com>
To: ietf@ietf.org
Subject: Re: IETF Last Call on Walled Garden Standard for the Internet
Message-ID: <Pine.LNX.4.64.0803131516140.2450@internaut.com>

Re: IETF Last Call on Walled Garden Standard for the Internet 
(draft-ietf-hokey-emsk-hierarchy)

The open nature of the Internet has been a problem for quite a long
time.  In addition to the countless problems caused by allowing users 
to run applications of their choosing, the Internet also allows users
to access content worldwide, some of which may not be approved of by
local, state or national governments, warlords, or gangsters. 

The Internet Engineering Task Force (IETF) has further compounded
the problem by creating interoperable standards for security, which
have enabled hosts on the Internet to protect traffic end-to-end
or hop-by-hop.  This has not only harmed vendor profitability by
requiring vendors to interoperate with each other, but
by enabling users to take ownership of their own security 
without the approval of operators or governmental authorities,
criminal activity, terrorism, and juvenile delinquency have 
flourished. 

While these issues have long been recognized by the U.N.
Working Group on Internet Governance, until recently, 
the IETF has shown little interest in solving these 
problems. 

It is therefore with great pleasure that I have read
draft-ietf-hokey-emsk-hierarchy, which finally offers
a solution to the issues that have bedeviled the Internet.

How does this document work its magic?  As noted in the
Introduction:

   This document defines the EMSK to be used solely for
   deriving root keys using the key derivation specified.  The root keys
   are meant for specific purposes called usages; a special usage class
   is the domain specific root keys made available to and used within
   specific key management domains....  

   Different uses for keys derived from the EMSK have been proposed.
   Some examples include hand off across access points in various mobile
   technologies, mobile IP authentication and higher layer application
   authentication. 

In other words, this document creates a standard for the use of EAP
in application layer security, enabling operators and governments to 
tie the use of applications to link layer authentication mechanisms
under their control.  With EAP now implemented within network 
interface cards, this gives operators and governments granular
control of what applications can be run on the Internet.

Of course, the solution would not be complete by also allowing 
vendors or other SDOs to create their own security solutions
without IETF review, while still being able to claim IETF
standards compliance. How is this wonderful outcome accomplished? 
Section 8.1 states:

   Labels within the "ietf.org" organization are assigned based on the
   IETF CONSENSUS policy with specification recommended.  Labels from
   other organizations may be registered with IANA by the person or
   organization controlling the domain with an assignment policy of
   SPECIFICATION REQUIRED.   

In other words, vendors and SDOs can self-assign labels, creating
their own key hierarchies, without being required to register with 
IANA. 

A NOTE TO THE NAYSAYERS

There are naysayers who will note that the document, by
enabling use of EAP as a universal application layer security 
mechanism for the Internet, has exceeded both the HOKEY WG
charter, as well as the RFC 3748 applicability statement. 

These nattering nabobs simply do not get it.  Requiring
WGs to stay within their charters is a barbaric practice
that limits creativity and encourages boredom and even
hooliganism.

Some of the architecturally minded IETF participants may
also note that by linking application layer security to
the link layer, the IETF is effectively adding EAP to
host requirements, since applications utilizing the
key hierarchy established in this document will not
be able to run on link layers that do not support EAP
(such as Fibre Channel).   In effect, the "waist" of
the Internet has now been moved down into its shoes,
which can, in some circumstances, make it difficult to
walk. 

Again, these ivory tower Archi-snobs do not get it. 
Do you know how expensive it is to deploy new networking
technologies or to develop a new product?  Do you know
how difficult it can be to pay for these things while
being hampered by your whiny notions of interoperability
and openness? 

Rather than "IP over everything", the new, improved
Walled Garden Internet is based on "Everything over EAP". 
Stop your endless whining and get used to it. 

CODA

As I noted earlier, by establishing EAP as a universal
application layer security mechanism for the Internet,
and by enabling vendors and SDOs to create their own
"usages" without IETF approval or even publication, 
this document establishes a Walled Garden 
standard for the Internet. 

Such a standard has been particularly assisted 
by the IETF's Security Area, which has within a 
short time taken an interoperable security 
mechanism developed for a narrow range of uses, 
and turned it into a supremely general, 
non-interoperable, non-backwards compatible 
solution to every Internet problem, real or 
imagined. 

To paraphrase Tilda Swinton's Oscar Acceptance Speech:

"To the IESG, you know, the seriousness and the 
dedication to your art... you rock, man!" 
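The root-key derivation the post quotes from the draft's Introduction is the EMSK usage-specific root key (USRK) derivation, which was later published as RFC 5295. The example below is added here for readers and is not part of Bernard Aboba's message or of the HOKEY working group's code; it implements the construction as RFC 5295 states it (USRK = KDF(EMSK, key label | "\0" | optional data | length), with the default KDF being PRF+ from RFC 4306 over HMAC-SHA-256). The EMSK value and the key labels are constructed for the demonstration; the label "example-usage@example.org" is a placeholder in the "label@organization" form, not a registered usage.

```python
import hmac
import hashlib

# Constructed 64-octet EMSK, standing in for the value an EAP method would export.
SAMPLE_EMSK = bytes(range(64))


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """PRF+ from RFC 4306, section 2.13, with HMAC-SHA-256 as the prf.

    T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n); output is T1 | T2 | ...
    truncated to `length` octets. The counter is a single octet, so at most
    255 blocks (8160 octets) can be produced.
    """
    if length < 0 or length > 255 * hashlib.sha256().digest_size:
        raise ValueError("requested length not representable by PRF+")
    out = b""
    prev = b""
    counter = 1
    while len(out) < length:
        prev = hmac.new(key, prev + seed + bytes([counter]), hashlib.sha256).digest()
        out += prev
        counter += 1
    return out[:length]


def derive_usrk(emsk: bytes, key_label: str, optional_data: bytes = b"", length: int = 64) -> bytes:
    """Derive a usage-specific root key as in RFC 5295, section 3.1.

    seed = key label | "\0" | optional data | length, where length is a 2-octet
    big-endian count of the output octets. Binding the length into the seed means
    a 32-octet key is NOT a prefix of the 64-octet key for the same label, and the
    NUL separator keeps (label, optional data) pairs from running together.
    """
    label = key_label.encode("ascii")
    # RFC 5295 restricts key labels to printable US-ASCII, which also rules out NUL.
    if not label or not all(0x20 <= c <= 0x7E for c in label):
        raise ValueError("key label must be non-empty printable US-ASCII")
    if not 0 < length <= 0xFFFF:
        raise ValueError("length must fit in two octets")
    seed = label + b"\x00" + optional_data + length.to_bytes(2, "big")
    return prf_plus(emsk, seed, length)


if __name__ == "__main__":
    # Two independent usages share one EMSK but get unrelated root keys.
    k_a = derive_usrk(SAMPLE_EMSK, "example-usage@example.org")
    k_b = derive_usrk(SAMPLE_EMSK, "other-usage@example.org")
    print("usage A:", k_a.hex())
    print("usage B:", k_b.hex())
    print("independent:", k_a != k_b)
```

Running the block prints two 64-octet keys derived from the same EMSK under different labels. The point for a reviewer of a key hierarchy like this one is that the only thing separating one usage from another is the label and its registration discipline: two parties who self-assign the same label against the same EMSK derive the same key, which is why the label-assignment policy the post quotes from Section 8.1 is a security property and not just bookkeeping.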