RE: [node req] Question on Security considerations.
Hi Russ,
> Please take a look at these two documents:
> draft-ietf-ipsec-ikev2-algorithms-04.txt
> draft-ietf-ipsec-esp-ah-algorithms-01.txt
Thanks for the pointers. These look reasonable to add to the
Node Req document. Does anyone have problems with me putting
these as requirements in the Security section?
John
> At 03:07 PM 2/13/2004 +0200, john.loughney@nokia.com wrote:
> >Hi all,
> >
> >The Security AD commented the following:
> >
> > > For Section 8, RFCs 2401, 2402, and 2406 are currently being revised by
> > > the IPsec group; that should be mentioned.
> >
> >This is no problem.
> >
> > > The crypto algorithm requirements should be better aligned with
> > > recommendations from the IPsec wg. There's a draft that lists 3DES as
> > > SHOULD, not MAY.
> >
> >Would it be appropriate to mention something like:
> >
> > The Security Area RECOMMENDS the use of 3DES.
> >
> > > I think that IKEv? should be a SHOULD, not a MAY. While the IESG hasn't
> > > yet seen draft-bellovin-mandate-keymgmt, it will soon and it describes
> > > automated key management as a "strong SHOULD". That's certainly the
> > > consensus in the security area.
> >
> >I think that the WG has gone through this several times, and SHOULD has
> >always seemed problematic for some uses. Does anyone have any suggestions?
> >
> > > More generically, I don't think that this WG should standardize weaker
> > > security requirements than the security area thinks are appropriate,
> > > without strong justification. (Stronger requirements are fine -- they
> > > may have a different operational environment, or a different threat
> > > model.)
> >
> >My general comment is that if this document can point to existing RFCs
> >for the security requirements, then I am happy to mandate whatever
> >the pointers suggest (hint to the security area, provide pointers and
> >I will include them).
> >
> >thanks,
> >John
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.