CC: sob@harvard.edu, chair@ietf.org, housley@vigilsec.com, statements@ietf.org
Subject: Response to ASON control plane session security
Date: Tue, 27 Jun 2006 14:01:45 -0400
To: tsbsg15@itu.int, greg.jones@itu.int
From: IETF Security Area Directors: hartmans-ietf@mit.edu, housley@vigilsec.com
Purpose: for information

Apologies for getting this out today rather than yesterday: there was an administrative error on my part.

As requested, the IETF security area directors are providing input on authentication and general security protocols for ASON control plane protocols. Since we were not given requirements for the ASON protocols, we can only provide general recommendations.

If the control protocol is using a TCP connection, we recommend Transport Layer Security (RFC 4346). If the control protocol is using UDP, we recommend Datagram Transport Layer Security (RFC 4347). These protocols provide integrity, optional confidentiality and authentication. Authentication options include public keys and preshared keys.

If more flexible authentication is required, the combination of SASL (RFC 4422) and TLS (RFC 4346) has proven effective for application protocols. This combination has not yet been used for network control plane security.

Sincerely,

Sam Hartman
Russ Housley