Re: [Isms] pre11 comments

Wes Hardaker writes...

> This all means that *if* we want to allow separate authorization
> levels for different secure transports (and I'll argue that we
> do want to)...

Well, yeah, but where do we stop?  Someone might argue that the transport
protocol alone isn't enough.  Maybe they want to add cipher-suite into the
selection.  Or maybe key length, or maybe the specifics of the certificate
chain.  I could go on and on, specifying all sorts of security properties of
the transport that conceptually *could* make a significant difference in
*some* scenario.

I think that we should keep this very simple.  For that reason, I'm not
convinced that we need to sub-specify the TSM by its underlying protocol.
If a particular protocol is "compromised" the operator always has the option
to simply de-configure it.

Let's solve the "80% problem" and declare victory.
