Re: [Isms] pre11 comments

>>>>> On Thu, 3 Jul 2008 20:57:08 -0400, "David B. Nelson" <d.b.nelson at comcast.net> said:

DBN> Apparently the WG decided early on that, indeed, "any protected
DBN> transport will do".  I think what you're effectively suggesting is
DBN> that we should *not* have a general TSM, but a series of xSMs,
DBN> where "x" is a specific secure transport protocol.

That was one of the suggestions that I said was possible if we wanted to
solve the issue.  I also said it was the one that I think was already
decided against.  The other one was a security name mapping.  If you go
back to my original post, I mentioned a few options, one of which was
a mapping table in the 

DBN> KSM surely falls into that pattern.

No, actually, it doesn't because it already was designed (in IETF
history of the past) to be a separate security model and wasn't based on
a tunnel transport and thus wasn't TSM based.  So with KSM we already
had the ability to separate out KSM from USM.  I'm simply looking for
a similar ability from future transport support.

DBN> Personally, I think it's very late for that kind of revision.  However, if
DBN> it can be "hacked in" without much disruption, I see no fundamental
DBN> objection to adding that feature.

There wouldn't be little disruption (a minor wording change here or
there and a MIB table).  I'd be happy to supply the text and table for
inclusion but I will wait until people think it's ok to consider
including before committing resources to it.
-- 
Wes Hardaker
Sparta, Inc.