SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: DRAFT Pittsburgh ips Minutes



    Black_David@emc.com wrote:
    > 
    > An important clarification has been pointed out in the DRAFT minutes.
    > The DRAFT minutes say:
    > 
    >   Consensus call
    >   --------------
    >   There was a consensus call eventually. Should encryption be mandatory?
    > 
    >   The consensus in the room is that encryption of the stream should
    >   not be mandatory. A lot of people were concerned about the overhead
    >   it would imply on cheap devices.
    > 
    > The consensus call question was actually "should implementation
    > of encryption be mandatory"?   Since the consensus was "no",
    > implementation of encryption will not be required by the specification.
    
    Point of order, the concensus call MUST be made on the mailing list,
    the minutes only reflect the concensus of the room, not the WG.
    
    > Note that implementation of authentication and related data integrity
    > measures (e.g., that make it impossible to insert data into or hijack
    > an authenticated session) will be mandatory, per the AD (i.e., if they
    > are not mandatory in the spec that the WG produces, the spec
    > will be returned to the WG with instructions to make it so).
    
    For those not in the room, as David said the question was not to
    allow the possiblity of privacy but if it would be manditory
    to implement in order to be conforming to the Standard. Everyone
    seemed to agree that regardless of the outcome of the consensus,
    there MUST be a mechanism to negotiate privacy.
    
    In looking at who in the room was in favor of making privacy
    manditory to implement, it was clear that most were those that have
    already struggled with this question in the NFSv4 WG where it was
    made manditory to implement.  The primary motivating factor
    in the NFSv4 WG for this decision was to ensure that a customer
    who buys a conforming implentation would have assurances that
    privacy was available if needed.  As with the discussions in Pitt
    most NFSv4 participants believe that by default most customers and
    probably most implentations will negotiate away privacy for performance
    reasons.  
    
    However, it was strongly felt that if it was not manditory
    to implement it wouldn't be implemented.  NFS has long been burned
    by the reputation that it is insecure even though there have been
    defacto standard ways to make it secure for years. The root cause
    was the lack of availablity of implementations.
    
    Having lived through this for a long time, I strongly caution
    the WG that failing to make the set of authentication/integrity/privacy
    manditory to implement will doom the IPS standard to use only on
    isolated networks and not achieve the promise described in the
    drafts as no one will trust it. In recent trade-rag articles
    about IPS, security is already one of the leading causes of doubt
    to the success of the standard.
    
    	-David
    


Home

Last updated: Tue Sep 04 01:07:51 2001
6315 messages in chronological order