Re: DRAFT Pittsburgh ips Minutes

Black_David@emc.com wrote:
>
> An important clarification has been pointed out in the DRAFT minutes.
> The DRAFT minutes say:
>
> Consensus call
> --------------
> There was a consensus call eventually. Should encryption be mandatory?
>
> The consensus in the room is that encryption of the stream should
> not be mandatory. A lot of people were concerned about the overhead
> it would imply on cheap devices.
>
> The consensus call question was actually "should implementation
> of encryption be mandatory"? Since the consensus was "no",
> implementation of encryption will not be required by the specification.

Point of order: the consensus call MUST be made on the mailing list; the minutes only reflect the consensus of the room, not the WG.

> Note that implementation of authentication and related data integrity
> measures (e.g., that make it impossible to insert data into or hijack
> an authenticated session) will be mandatory, per the AD (i.e., if they
> are not mandatory in the spec that the WG produces, the spec
> will be returned to the WG with instructions to make it so).

For those not in the room, as David said, the question was not to allow the possibility of privacy but if it would be mandatory to implement in order to be conforming to the Standard. Everyone seemed to agree that regardless of the outcome of the consensus, there MUST be a mechanism to negotiate privacy. In looking at who in the room was in favor of making privacy mandatory to implement, it was clear that most were those that have already struggled with this question in the NFSv4 WG, where it was made mandatory to implement. The primary motivating factor in the NFSv4 WG for this decision was to ensure that a customer who buys a conforming implementation would have assurances that privacy was available if needed.

As with the discussions in Pitt, most NFSv4 participants believe that by default most customers and probably most implementations will negotiate away privacy for performance reasons. However, it was strongly felt that if it was not mandatory to implement it wouldn't be implemented. NFS has long been burned by the reputation that it is insecure even though there have been de facto standard ways to make it secure for years. The root cause was the lack of availability of implementations. Having lived through this for a long time, I strongly caution the WG that failing to make the set of authentication/integrity/privacy mandatory to implement will doom the IPS standard to use only on isolated networks and not achieve the promise described in the drafts, as no one will trust it. In recent trade-rag articles about IPS, security is already one of the leading causes of doubt to the success of the standard.

-David
Last updated: Tue Sep 04 01:07:51 2001