Re: [Isms] pre11 comments

To: Jeffrey Hutzelman <jhutz+ at cmu.edu>
Subject: Re: [Isms] pre11 comments
From: Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de>
Date: Thu, 24 Jul 2008 09:17:19 +0200
Cc: isms at ietf.org, jhutz at cmu.edu
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
In-reply-to: <ED7BF45E5D16B2A3ECD2E782@atlantis.pc.cs.cmu.edu>
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
Mail-followup-to: Jeffrey Hutzelman <jhutz+ at cmu.edu>, "David B. Nelson" <d.b.nelson at comcast.net>, isms at ietf.org, jhutz at cmu.edu
References: <006401c8dc30$bac0af30$51f780de@china.huawei.com> <sd63rmy615.fsf@wes.hardakers.net> <4F599A473EF04ECD99F4C358B291245E@xpsuperdvd2> <sdskuqwoli.fsf@wes.hardakers.net> <200807040057.m640v5DL015394@grapenut.srv.cs.cmu.edu> <ED7BF45E5D16B2A3ECD2E782@atlantis.pc.cs.cmu.edu>
Reply-to: j.schoenwaelder at jacobs-university.de
Sender: isms-bounces at ietf.org
User-agent: Mutt/1.5.18 (2008-05-17)

On Wed, Jul 23, 2008 at 02:07:22AM -0400, Jeffrey Hutzelman wrote:

> [...] In order to simplify this somewhat and also address what I believe 
> is Wes's concern (which has nothing to do with securityLevel), I'd like 
> to propose a strawman.  Specifically, I propose that for TSM, the 
> securityName always take the form "TM:name", where TM is a token 
> indicating the secure transport model in use and name is a 
> transport-specific ID.  Obviously we'd need an IANA registry of possible 
> values for the TM token, and a new value would need to be allocated for 
> each token.

Speaking as technical contributor...

Assuming the TM allows operators to configure "name" mappings. Isn't
that sufficient? Do we really have to enforce a specific mapping or
are we not better served by simply discussing the issue in the
documents and suggesting certain configurations options addressing the
issue?

For some secure transports (e.g. TLS and DTLS), there might be valid
reasons to not make a difference and so I prefer a clear separation of
mechanism and policy here.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

Follow-Ups:
- Re: [Isms] pre11 comments
  - From: tom.petch
- Re: [Isms] pre11 comments
  - From: Jeffrey Hutzelman

References:
- [Isms] pre11 comments
  - From: David Harrington
- Re: [Isms] pre11 comments
  - From: Wes Hardaker
- Re: [Isms] pre11 comments
  - From: David B. Nelson
- Re: [Isms] pre11 comments
  - From: Wes Hardaker
- Re: [Isms] pre11 comments
  - From: Jeffrey Hutzelman

Prev by Date: Re: [Isms] Multi-namespace authentication
Next by Date: Re: [Isms] pre11 comments
Previous by thread: Re: [Isms] pre11 comments
Next by thread: Re: [Isms] pre11 comments
Index(es):
- Date
- Thread

Re: [Isms] pre11 comments

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.