From Internet-Drafts at ietf.org Tue Jun 6 12:50:02 2006 From: Internet-Drafts at ietf.org (Internet-Drafts@ietf.org) Date: Tue, 06 Jun 2006 15:50:02 -0400 Subject: [anonsec] I-D ACTION:draft-ietf-btns-prob-and-applic-03.txt Message-ID: ENCODING mime FILE /internet-drafts/draft-ietf-btns-prob-and-applic-03.txt -------------- next part -------------- From lha at it.su.se Wed Jun 21 05:13:04 2006 From: lha at it.su.se (=?ISO-8859-1?Q?Love_H=F6rnquist_=C5strand?=) Date: Wed, 21 Jun 2006 14:13:04 +0200 Subject: [anonsec] btns at ietf66 Message-ID: Hello working-group, I allocated 2h slot for us at ietf66, we are currently meeting on Tuesday at 15.20. The my proposed agenda was just published to the ietf meeting materials website, if you have any updates, please email me. Love -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://mailman.postel.org/pipermail/anonsec/attachments/20060621/be78f6e7/PGP.bin From pekka.nikander at nomadiclab.com Thu Jun 22 01:02:21 2006 From: pekka.nikander at nomadiclab.com (Pekka Nikander) Date: Thu, 22 Jun 2006 11:02:21 +0300 Subject: [anonsec] Leaving the IETF and stepping down from co-chairing BTNS Message-ID: <25330E34-6E02-495E-A32C-EAF2F9C87276@nomadiclab.com> Folks, After a long consideration, I have decided to leave the IETF for the time being. I still do care about the future of the Internet, but given my personality and interests I think that I will be more useful in the research than standardisation. Consequently, I have stepped down form my BTNS co-chair role, and Love will continue as the only chair, at least for the time being. It has been a pleasure to help BTNS to start, and I am sure that you will eventually finish with good results. --Pekka Nikander From Nicolas.Williams at sun.com Sat Jun 24 10:40:03 2006 From: Nicolas.Williams at sun.com (Nicolas Williams) Date: Sat, 24 Jun 2006 12:40:03 -0500 Subject: [anonsec] BTNS updates In-Reply-To: <17246.1142837232@sandelman.ottawa.on.ca> References: <20051206000303.GM17884@binky.Central.Sun.COM> <20060319222606.GJ27125@binky.Central.Sun.COM> <17246.1142837232@sandelman.ottawa.on.ca> Message-ID: <20060624174003.GA21559@binky.Central.Sun.COM> On Mon, Mar 20, 2006 at 12:47:12AM -0600, Michael Richardson wrote: > >> If there are two connections between peers, such as, in some > >> cases, two NFS mounts, but certainly if I used channel binding > >> for two SSH connections for which I had a (probably-non-btns) > >> /32<->/32 tunnel, would both instances see the same binding data? > > Nicolas> Most often, yes, but not necessarily. > > Okay. I am concerned about this. I have a nagging feeling that the > channel binding should be made unique between users, but I'm not sure > how to do this without introducing new {IKE,IKEv2} notifies. If the nodes are multi-user nodes then local security is necessary to protect one user from another on the same node. Having two channels with the same end-points and channel bindings, but used by different users should not pose any security problems as long as local security is maintained -- neither user should be allowed to interfere with or eavesdrop on the other's channel. Nico -- From mcr at sandelman.ottawa.on.ca Wed Jun 28 14:19:12 2006 From: mcr at sandelman.ottawa.on.ca (Michael Richardson) Date: Wed, 28 Jun 2006 17:19:12 -0400 Subject: [anonsec] forwarded from Pekka Savola References: <445F79E8.5070902@isi.edu> <445F7F47.2010709@isi.edu> <445FC7D8.2010505@isi.edu> <20060508225754.GK28062@binky.Central.Sun.COM> <445FDABC.3070407@isi.edu> Message-ID: A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 482 bytes Desc: not available Url : http://mailman.postel.org/pipermail/anonsec/attachments/20060628/5a813dc8/attachment.bin From mcr at sandelman.ottawa.on.ca Wed Jun 28 15:07:31 2006 From: mcr at sandelman.ottawa.on.ca (Michael Richardson) Date: Wed, 28 Jun 2006 18:07:31 -0400 Subject: [anonsec] btns at ietf66 References: Message-ID: A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 482 bytes Desc: not available Url : http://mailman.postel.org/pipermail/anonsec/attachments/20060628/71b7535b/attachment.bin From Internet-Drafts at ietf.org Wed Jun 28 15:50:02 2006 From: Internet-Drafts at ietf.org (Internet-Drafts@ietf.org) Date: Wed, 28 Jun 2006 18:50:02 -0400 Subject: [anonsec] I-D ACTION:draft-ietf-btns-core-01.txt Message-ID: ENCODING mime FILE /internet-drafts/draft-ietf-btns-core-01.txt -------------- next part -------------- From lha at it.su.se Wed Jun 28 16:08:35 2006 From: lha at it.su.se (=?ISO-8859-1?Q?Love_H=F6rnquist_=C5strand?=) Date: Thu, 29 Jun 2006 01:08:35 +0200 Subject: [anonsec] btns at ietf66 In-Reply-To: References: Message-ID: 29 jun 2006 kl. 00.07 skrev Michael Richardson: > I would like some more details about the "Use of IPsec". > Is there something I should read ahead of time? Sam promised to make a presentation on his view of (IPsec) security and how BTNS would fit into it, I'm sure Sam can fill out any issues. > Nico and I have formulated a clearer statement of a problem that BTNS > will introduce to gateways that think that they have a workable > global PKI. > > It needs perhaps 15 minutes to explain, and I will try to write an > email to > the list outline the issue, and maybe some diagrams ahead of time. Ok, I'll allocate a time for that. > "Discuss API issues". - I think that's me as well. > -> defining the scope is the most important part. And part of that is figure out how to interact with other working groups that also have ideas on how to control IPsec to use in their protocols. Love -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://mailman.postel.org/pipermail/anonsec/attachments/20060629/07be2632/PGP.bin From mcr at sandelman.ottawa.on.ca Wed Jun 28 16:50:59 2006 From: mcr at sandelman.ottawa.on.ca (Michael Richardson) Date: Wed, 28 Jun 2006 19:50:59 -0400 Subject: [anonsec] btns at ietf66 In-Reply-To: Message from =?ISO-8859-1?Q?Love_H=F6rnquist_=C5strand?= of "Thu, 29 Jun 2006 01:08:35 +0200." References: Message-ID: <24641.1151538659@sandelman.ottawa.on.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "strand" == strand writes: >> "Discuss API issues". - I think that's me as well. -> defining the scope is the most important part. strand> And part of that is figure out how to interact with other strand> working groups that also have ideas on how to control IPsec strand> to use in their protocols. At this point, I think that the shim6 people still did not comprehend that the shim6/btns API intersect is empty. I guess I can do a venn diagram. I think that the shim6/hip intersect is non-empty, and that the hip/btns intersect is also non-empty, but I don't know if: hip - shim6 is != 0 and hip - btns is != 0 I.e. if btns and shim6 APIs can provide everything that HIP needs. My instinct is that this is a IRTF todo. - -- ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ "The Microsoft _Get the Facts CD_ does not work on Linux." - orospakr -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Finger me for keys iQEVAwUBRKMV4oCLcPvd0N1lAQLvrwf9HdhGzMWhFctf7HRxfqVC3RJMQn9xa3+7 RMPEo66TVY6ahhrPhGvNIJCP45lpLz2YNXhBQlIuRF+JusbNpKJ1eZaucSRtds3V 9W9PNSxjHZa5Yk0P2R1XAYGASea6pmTdivONEM3/I7fK1p49WHf9ILLWtA3Cr2Qb e6QFPWQZppAMJXib/svJAjRdng90EVObp0l0mIYMBlQsOfAvgKutNWdqBZ5pXcpc RwR1HRCDWAzHoCAfcBSrLWnBnt05Jq+WiVs4BHmbMDml3/lh0EC9g5Fy9OLzbG3l UpKRlxUkzhQc1aJj+BiZ+PYGGS+dVB6ktk8CfKyNFZ76opzx8H37Sw== =sggu -----END PGP SIGNATURE----- From Nicolas.Williams at sun.com Wed Jun 28 19:26:11 2006 From: Nicolas.Williams at sun.com (Nicolas Williams) Date: Wed, 28 Jun 2006 21:26:11 -0500 Subject: [anonsec] btns at ietf66 In-Reply-To: References: Message-ID: <20060629022611.GK5688@binky.Central.Sun.COM> On Wed, Jun 28, 2006 at 06:07:31PM -0400, Michael Richardson wrote: > Nico and I have formulated a clearer statement of a problem that BTNS > will introduce to gateways that think that they have a workable global PKI. More specifically, in the process of fleshing out detailed examples including detailed PADs and SPDs we figured out how to describe the IPsec wildcard PAD entry problem, and that multiple wildcard PAD entries have more security considerations than a single wildcard PAD entry at the end of a PAD. The problem can be addressed in several ways, though it isn't fully explored in the draft we submitted. > It needs perhaps 15 minutes to explain, and I will try to write an email to > the list outline the issue, and maybe some diagrams ahead of time. Yes, we'll have some materials to present on this. Nico --