Re: [Isms] pre11 comments

To: <j.schoenwaelder at jacobs-university.de>, "Jeffrey Hutzelman" <jhutz+ at cmu.edu>
Subject: Re: [Isms] pre11 comments
From: "tom.petch" <cfinss at dial.pipex.com>
Date: Fri, 25 Jul 2008 10:03:25 +0200
Cc: isms at ietf.org
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <006401c8dc30$bac0af30$51f780de@china.huawei.com><sd63rmy615.fsf@wes.hardakers.net><4F599A473EF04ECD99F4C358B291245E@xpsuperdvd2><sdskuqwoli.fsf@wes.hardakers.net><200807040057.m640v5DL015394@grapenut.srv.cs.cmu.edu><ED7BF45E5D16B2A3ECD2E782@atlantis.pc.cs.cmu.edu> <20080724071719.GA5011@elstar.local>
Reply-to: "tom.petch" <cfinss at dial.pipex.com>
Sender: isms-bounces at ietf.org

----- Original Message -----
From: "Juergen Schoenwaelder" <j.schoenwaelder at jacobs-university.de>
To: "Jeffrey Hutzelman" <jhutz+ at cmu.edu>
Cc: <isms at ietf.org>; <jhutz at cmu.edu>
Sent: Thursday, July 24, 2008 9:17 AM
Subject: Re: [Isms] pre11 comments


> On Wed, Jul 23, 2008 at 02:07:22AM -0400, Jeffrey Hutzelman wrote:
>
> > [...] In order to simplify this somewhat and also address what I believe
> > is Wes's concern (which has nothing to do with securityLevel), I'd like
> > to propose a strawman.  Specifically, I propose that for TSM, the
> > securityName always take the form "TM:name", where TM is a token
> > indicating the secure transport model in use and name is a
> > transport-specific ID.  Obviously we'd need an IANA registry of possible
> > values for the TM token, and a new value would need to be allocated for
> > each token.
>
> Speaking as technical contributor...
>
> Assuming the TM allows operators to configure "name" mappings. Isn't
> that sufficient? Do we really have to enforce a specific mapping or
> are we not better served by simply discussing the issue in the
> documents and suggesting certain configurations options addressing the
> issue?
>
I agree; TM is the place to do the mapping.  This is a TM related issue and we
should fix it close to where the problem arises, namely in the TM.

(And, at the risk of being repetitive, there is a problem with a mapping table
in the SM with the ASIs as currently defined; fixable, but requiring a change to
the ASIs).

Tom Petch

> For some secure transports (e.g. TLS and DTLS), there might be valid
> reasons to not make a difference and so I prefer a clear separation of
> mechanism and policy here.
>
> /js
>
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> _______________________________________________
> Isms mailing list
> Isms at ietf.org
> https://www.ietf.org/mailman/listinfo/isms

_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

References:
- [Isms] pre11 comments
  - From: David Harrington
- Re: [Isms] pre11 comments
  - From: Wes Hardaker
- Re: [Isms] pre11 comments
  - From: David B. Nelson
- Re: [Isms] pre11 comments
  - From: Wes Hardaker
- Re: [Isms] pre11 comments
  - From: Jeffrey Hutzelman
- Re: [Isms] pre11 comments
  - From: Juergen Schoenwaelder

Prev by Date: Re: [Isms] pre11 comments
Next by Date: Re: [Isms] pre11 comments
Previous by thread: [Isms] Multiple user namespaces (was RE: pre11 comments)
Next by thread: [Isms] Proposed SSH Transport Address Changes (and a quick nit)
Index(es):
- Date
- Thread

Re: [Isms] pre11 comments

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.