Re: DRAFT Pittsburgh ips Minutes

To: Black_David@emc.com, ips@ece.cmu.edu
Subject: Re: DRAFT Pittsburgh ips Minutes
From: David Robinson <David.Robinson@EBay.Sun.COM>
Date: Sat, 12 Aug 2000 18:28:58 -0700
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <0F31E5C394DAD311B60C00E029101A0704100EA7@corpmx9.isus.emc.com>
Sender: owner-ips@ece.cmu.edu

Black_David@emc.com wrote:
> 
> An important clarification has been pointed out in the DRAFT minutes.
> The DRAFT minutes say:
> 
>   Consensus call
>   --------------
>   There was a consensus call eventually. Should encryption be mandatory?
> 
>   The consensus in the room is that encryption of the stream should
>   not be mandatory. A lot of people were concerned about the overhead
>   it would imply on cheap devices.
> 
> The consensus call question was actually "should implementation
> of encryption be mandatory"?   Since the consensus was "no",
> implementation of encryption will not be required by the specification.

Point of order, the concensus call MUST be made on the mailing list,
the minutes only reflect the concensus of the room, not the WG.

> Note that implementation of authentication and related data integrity
> measures (e.g., that make it impossible to insert data into or hijack
> an authenticated session) will be mandatory, per the AD (i.e., if they
> are not mandatory in the spec that the WG produces, the spec
> will be returned to the WG with instructions to make it so).

For those not in the room, as David said the question was not to
allow the possiblity of privacy but if it would be manditory
to implement in order to be conforming to the Standard. Everyone
seemed to agree that regardless of the outcome of the consensus,
there MUST be a mechanism to negotiate privacy.

In looking at who in the room was in favor of making privacy
manditory to implement, it was clear that most were those that have
already struggled with this question in the NFSv4 WG where it was
made manditory to implement.  The primary motivating factor
in the NFSv4 WG for this decision was to ensure that a customer
who buys a conforming implentation would have assurances that
privacy was available if needed.  As with the discussions in Pitt
most NFSv4 participants believe that by default most customers and
probably most implentations will negotiate away privacy for performance
reasons.  

However, it was strongly felt that if it was not manditory
to implement it wouldn't be implemented.  NFS has long been burned
by the reputation that it is insecure even though there have been
defacto standard ways to make it secure for years. The root cause
was the lack of availablity of implementations.

Having lived through this for a long time, I strongly caution
the WG that failing to make the set of authentication/integrity/privacy
manditory to implement will doom the IPS standard to use only on
isolated networks and not achieve the promise described in the
drafts as no one will trust it. In recent trade-rag articles
about IPS, security is already one of the leading causes of doubt
to the success of the standard.

	-David

References:
- RE: DRAFT Pittsburgh ips Minutes
  - From: Black_David@emc.com

Prev by Date: RE: Towards Consensus on TCP Connections
Next by Date: RE: Towards Consensus on TCP Connections
Prev by thread: RE: DRAFT Pittsburgh ips Minutes
Next by thread: RE: DRAFT Pittsburgh ips Minutes
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:07:51 2001
6315 messages in chronological order