Re: [Isms] What granularity of attributes do we need for the securetransport?
On Thu, Apr 03, 2008 at 05:41:20PM -0700, Randy Presuhn wrote:
> The strength of encryption provided by a given security model when the
> securityLevel is authPriv must be taken into account when formulating
> an access control policy. Consequently, from the choice of securityModel
> one needs to be able to, at the very least, infer what the minimum level
> of protection provided by authPriv would be.
I like to point to the minutes of the ISMS meeting at the 64th IETF
<http://tools.ietf.org/wg/isms/minutes?item=minutes64.html>:
    [12] There was some notion in the room to allow SSH to always provide
    auth/priv services, even in cases where less is requested by the
    SNMP security level parameter.

    SSH supports a null cipher. The security considerations perhaps
    should explain that usage of the null cipher is generally not
    expected, even though implementations might support it for
    special cases (e.g. someone running ISMS over a secure IPsec
    tunnel or environments where encryption is illegal).
Security people were in the room when this was discussed and part of
the discussion was also that the SSHTM can blindly trust the SSH layer
without having to peek into the internals of the session state. Since
this meeting, we have worked under the assumption that the SSHTM can
trust the SSH layer to provide proper security. Unless there is a
major new argument, I would prefer to stick with this decision.
/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
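The two positions in the message, trusting the SSH layer blindly versus peeking at the negotiated algorithms before honouring a requested securityLevel, as an added example that is not from the thread or from any ISMS draft; the SshSession object, the numeric level constants and the sample sessions are constructed for illustration, and only the negotiated cipher names are inspected.

```python
"""Decide whether an SNMP request may be served over an SSH transport session.

Added example (not from the ISMS thread).  SSHTM can either trust the SSH
layer blindly, treating every authenticated session as authPriv, or inspect
the negotiated algorithms and refuse a request whose securityLevel exceeds
what the session really provides (e.g. authPriv over the "none" cipher that
the 64th IETF minutes mention).  Cipher names follow the SSH registry.
"""
from dataclasses import dataclass

# SNMPv3 securityLevel values, ordered weakest to strongest (RFC 3411).
NO_AUTH_NO_PRIV, AUTH_NO_PRIV, AUTH_PRIV = 1, 2, 3


@dataclass(frozen=True)
class SshSession:
    """Negotiated state of an established SSH transport (constructed type)."""
    cipher_c2s: str          # client-to-server encryption algorithm
    cipher_s2c: str          # server-to-client encryption algorithm
    user_authenticated: bool  # SSH userauth completed for the principal


def transport_security_level(s: SshSession) -> int:
    """Infer the securityLevel the SSH session actually provides.

    An authenticated SSH session always integrity-protects the packet
    stream, so it yields at least authNoPriv; privacy is only claimed when
    both directions use a real cipher, because "none" is a legal SSH cipher
    that gives no confidentiality at all.
    """
    if not s.user_authenticated:
        return NO_AUTH_NO_PRIV
    if s.cipher_c2s == "none" or s.cipher_s2c == "none":
        return AUTH_NO_PRIV
    return AUTH_PRIV


def accept_request(requested_level: int, s: SshSession, trust_ssh: bool) -> bool:
    """Return True if a request at requested_level may be processed.

    trust_ssh=True is the position taken in the thread: the SSH layer is
    trusted to provide proper security, so every authenticated session is
    treated as authPriv.  trust_ssh=False looks at the negotiated ciphers
    and rejects a request that asks for more protection than the transport
    provides.  Requests asking for less than the transport provides are
    accepted in both modes, matching minutes item [12].
    """
    if not s.user_authenticated:
        return False  # SSHTM never carries SNMP before userauth completes
    provided = AUTH_PRIV if trust_ssh else transport_security_level(s)
    return requested_level <= provided
```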
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms