From msec-admin@securemulticast.org Wed Oct 2 07:20:49 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA14921 for ; Wed, 2 Oct 2002 07:20:48 -0400 (EDT) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 62E0653E8B; Wed, 2 Oct 2002 07:17:03 -0400 (EDT) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 1600D53E88 for ; Wed, 2 Oct 2002 07:16:35 -0400 (EDT) Received: (qmail 4714 invoked by uid 3269); 2 Oct 2002 11:21:43 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 4711 invoked from network); 2 Oct 2002 11:21:43 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 2 Oct 2002 11:21:43 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA14810; Wed, 2 Oct 2002 07:19:43 -0400 (EDT) Message-Id: <200210021119.HAA14810@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: mmusic@ietf.org, msec@securemulticast.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: [MSEC] I-D ACTION:draft-baugher-mmusic-sdpmediasec-00.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 02 Oct 2002 07:19:42 -0400 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : SDP Security Descriptions for Media Streams Author(s) : M. Baugher Filename : draft-baugher-mmusic-sdpmediasec-00.txt Pages : 16 Date : 2002-10-1 This Internet Draft gives a generic cryptographic attribute to Session Description Protocol (SDP) media streams. The attribute describes a cryptographic key and other parameters, which serve to configure security for a media stream. This draft also defines the SRTP parameters for the attribute. The SDP crypto attribute requires the services of a data security protocol to secure the SDP message. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-baugher-mmusic-sdpmediasec-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-baugher-mmusic-sdpmediasec-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-baugher-mmusic-sdpmediasec-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2002-10-1141142.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-baugher-mmusic-sdpmediasec-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-baugher-mmusic-sdpmediasec-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2002-10-1141142.I-D@ietf.org> --OtherAccess-- --NextPart-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Oct 3 07:13:51 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA02158 for ; Thu, 3 Oct 2002 07:13:51 -0400 (EDT) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 1B7085416A; Thu, 3 Oct 2002 07:10:09 -0400 (EDT) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id B59A25416A for ; Thu, 3 Oct 2002 07:09:25 -0400 (EDT) Received: (qmail 81918 invoked by uid 3269); 3 Oct 2002 11:14:36 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 81915 invoked from network); 3 Oct 2002 11:14:36 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 3 Oct 2002 11:14:36 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA02111; Thu, 3 Oct 2002 07:12:32 -0400 (EDT) Message-Id: <200210031112.HAA02111@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: msec@securemulticast.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-gkmarch-03.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 03 Oct 2002 07:12:32 -0400 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : Group Key Management Architecture Author(s) : M. Baugher Filename : draft-ietf-msec-gkmarch-03.txt Pages : 32 Date : 2002-10-2 This document presents a group key-management architecture for MSEC. The purpose of this document is to define the common architecture for MSEC group key-management protocols that support a variety of application, transport, and internetwork security protocols. To address these diverse uses, MSEC may need to standardize two or more group key management protocols that have common requirements, abstractions, overall design, and messages. The framework and guidelines in this document allow for a modular and flexible design of group key management protocols for a variety different settings that are specialized to application needs. Comments on this document should be sent to msec@securemulticast.org. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-gkmarch-03.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-gkmarch-03.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-gkmarch-03.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2002-10-2140135.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-gkmarch-03.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-gkmarch-03.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2002-10-2140135.I-D@ietf.org> --OtherAccess-- --NextPart-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Mon Oct 14 07:27:30 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA14741 for ; Mon, 14 Oct 2002 07:27:30 -0400 (EDT) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 6191953654; Mon, 14 Oct 2002 07:29:01 -0400 (EDT) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 7CDE053646 for ; Mon, 14 Oct 2002 07:28:03 -0400 (EDT) Received: (qmail 32049 invoked by uid 3269); 14 Oct 2002 11:28:03 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 32046 invoked from network); 14 Oct 2002 11:28:03 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 14 Oct 2002 11:28:03 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA14623; Mon, 14 Oct 2002 07:25:52 -0400 (EDT) Message-Id: <200210141125.HAA14623@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: msec@securemulticast.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-gdoi-06.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Mon, 14 Oct 2002 07:25:52 -0400 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : The Group Domain of Interpretation Author(s) : M. Baugher et al. Filename : draft-ietf-msec-gdoi-06.txt Pages : 41 Date : 2002-10-11 This document presents an ISAMKP Domain of Interpretation (DOI) for group key management to support secure group communications. The GDOI manages group security associations, which are used by IPSEC and potentially other data security protocols running at the IP or application layers. These security associations protect one or more key-encrypting keys, traffic-encrypting keys, or data shared by group members. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-gdoi-06.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-gdoi-06.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-gdoi-06.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2002-10-11133822.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-gdoi-06.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-gdoi-06.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2002-10-11133822.I-D@ietf.org> --OtherAccess-- --NextPart-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Oct 29 06:20:18 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA28382 for ; Tue, 29 Oct 2002 06:20:18 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 06F06537E2; Tue, 29 Oct 2002 06:22:03 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 1669053770 for ; Tue, 29 Oct 2002 06:21:19 -0500 (EST) Received: (qmail 93394 invoked by uid 3269); 29 Oct 2002 11:21:19 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 93391 invoked from network); 29 Oct 2002 11:21:18 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 29 Oct 2002 11:21:18 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA28017; Tue, 29 Oct 2002 06:18:55 -0500 (EST) Message-Id: <200210291118.GAA28017@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ipsec@lists.tislabs.com, msec@securemulticast.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: [MSEC] I-D ACTION:draft-bew-ipsec-signatures-00.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 29 Oct 2002 06:18:54 -0500 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : The Use of RSA Signatures within ESP and AH Author(s) : B. Weis Filename : draft-bew-ipsec-signatures-00.txt Pages : 7 Date : 2002-10-28 This memo describes the use of the RSA Signature algorithm [RSA] as an authentication algorithm within the revised IPSEC Encapsulating Security Payload [ESP] and the revised IPSEC Authentication Header [AH]. The use of a digital signature algorithm such as RSA provides origin authentication, even when ESP and AH are used to secure group data flows. Further information on the other components necessary for ESP and AH implementations is provided by [ROADMAP]. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-bew-ipsec-signatures-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-bew-ipsec-signatures-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-bew-ipsec-signatures-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2002-10-28163512.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-bew-ipsec-signatures-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-bew-ipsec-signatures-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2002-10-28163512.I-D@ietf.org> --OtherAccess-- --NextPart-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Oct 29 06:21:33 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA28513 for ; Tue, 29 Oct 2002 06:21:33 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 21035537E7; Tue, 29 Oct 2002 06:22:06 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 69C4053770 for ; Tue, 29 Oct 2002 06:21:43 -0500 (EST) Received: (qmail 93417 invoked by uid 3269); 29 Oct 2002 11:21:43 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 93414 invoked from network); 29 Oct 2002 11:21:43 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 29 Oct 2002 11:21:43 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA28153; Tue, 29 Oct 2002 06:19:20 -0500 (EST) Message-Id: <200210291119.GAA28153@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: msec@securemulticast.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-mesp-00.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 29 Oct 2002 06:19:20 -0500 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : MESP: Multicast Encapsulating Security Payload Author(s) : M. Baugher, R. Canetti et al. Filename : draft-ietf-msec-mesp-00.txt Pages : 16 Date : 2002-10-28 Multicast ESP (MESP) is a security protocol for IP multicast data. MESP extends the IPsec Encapsulating Security Payload (ESP) protocol for multicast operation and supports source message authentication for multicast packets. MESP offers three improvements to IPsec ESP for multicast operation. First, it allows a mix of group-secrecy, group-authentication, and source-authentication transforms to be applied to an MESP packet. Second, it extends ESP to authenticate messages sent by a member of the group using a digital signature or hybrid MAC and signature transform. And third, MESP identifies a security association (SA) using the IP address of the source in addition to the destination address and SPI. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-mesp-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-mesp-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-mesp-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2002-10-28163608.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-mesp-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-mesp-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2002-10-28163608.I-D@ietf.org> --OtherAccess-- --NextPart-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Oct 29 15:10:25 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA22716 for ; Tue, 29 Oct 2002 15:10:25 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 7132C5382E; Tue, 29 Oct 2002 15:12:15 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 5EC4953823 for ; Wed, 23 Oct 2002 03:18:21 -0400 (EDT) Received: (qmail 63586 invoked by uid 3269); 23 Oct 2002 07:18:21 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 63583 invoked from network); 23 Oct 2002 07:18:20 -0000 Received: from varis.cs.tut.fi (HELO cs.tut.fi) (130.230.4.42) by klesh.pair.com with SMTP; 23 Oct 2002 07:18:20 -0000 Received: from rampe (rampe.atm.tut.fi [130.230.52.68]) by cs.tut.fi (8.8.8/8.8.8) with SMTP id KAA20197; Wed, 23 Oct 2002 10:18:08 +0300 (EET DST) From: "Rami Lehtonen" To: , , , Cc: , "Juha Majalainen" , , Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Subject: [MSEC] Multicast Control Protocol (MCOP) Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 23 Oct 2002 10:18:19 +0300 Content-Transfer-Encoding: 7bit FYI -- A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Multicast Control Protocol (MCOP) Author(s) : R. Lehtonen et al. Filename : draft-lehtonen-magma-mcop-01.txt Pages : 34 Date : 2002-10-18 In IP multicast all hosts that join a multicast group (*, G) or (S, G) can receive the multicast traffic. This draft introduces Multicast Control Protocol (MCOP) that makes it possible to selectively enable multicast receiving and sending. MCOP is used between Multicast Control Agent (MCA) and routers that have directly connected multicast sources or receivers. The receiver and source control is done by MCOP enabled routers based on the information received from the MCA. MCOP enabled routers filter IGMP/MLD reports and multicast packets before they reach the IGMP/MLD processing layer or multicast routing stack of the router. MCOP is independent of multicast routing protocols. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-lehtonen-magma-mcop-01.txt -- Comments can be sent to MAGMA working group and/or to the authors. - Rami _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Oct 29 15:11:24 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA22776 for ; Tue, 29 Oct 2002 15:11:24 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 8E1DF53831; Tue, 29 Oct 2002 15:12:17 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 362CB53558 for ; Tue, 29 Oct 2002 09:45:36 -0500 (EST) Received: (qmail 14294 invoked by uid 3269); 29 Oct 2002 14:45:36 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 14291 invoked from network); 29 Oct 2002 14:45:35 -0000 Received: from m5.sparta.com (157.185.61.1) by klesh.pair.com with SMTP; 29 Oct 2002 14:45:35 -0000 Received: from columbia.sparta.com (columbia.sparta.com [157.185.80.205]) by M5.sparta.com (8.12.3/8.12.3) with ESMTP id g9TEjXlU029846 for ; Tue, 29 Oct 2002 08:45:34 -0600 Received: from SNOWBALL (snowball.columbia.sparta.com [157.185.80.119]) by columbia.sparta.com (8.9.1a/8.9.1) with SMTP id JAA09033 for ; Tue, 29 Oct 2002 09:45:32 -0500 (EST) Message-ID: <005b01c27f5a$1c1d4660$7750b99d@SNOWBALL> From: "Peter Lough" To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0058_01C27F30.32AEA7E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Subject: [MSEC] GSAKMP Light Cookies Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 29 Oct 2002 09:47:30 -0500 This is a multi-part message in MIME format. ------=_NextPart_000_0058_01C27F30.32AEA7E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Based on recommendations by Logica, GSAKMP Light will be using Cookies = as an anti-clogging mechanism in it's next revision. The mechanism will = be based on ISAKMP/IKE. Additionally, GSAKMP is being replaced in it's = entirety by GSAKMP Light. The original GSAKMP was originally being = tracked to become an informational RFC; however, the three message = GSAKMP Light transaction is seen as a better overall solution and will = incorporate the information necessary from GSAKMP to stand alone as a = document. When GSAKMP Light is re-released, it will be released as = GSAKMP and will drop the mechanisms from the original five message = transactions that no longer apply to the three message transaction. Peter Lough SPARTA, Inc. ------=_NextPart_000_0058_01C27F30.32AEA7E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
Based on recommendations by Logica, = GSAKMP Light=20 will be using Cookies as an anti-clogging mechanism in it's next = revision. =20 The mechanism will be based on ISAKMP/IKE.  Additionally, GSAKMP is = being=20 replaced in it's entirety by GSAKMP Light.  The original GSAKMP was = originally being tracked to become an informational RFC; however, the = three=20 message GSAKMP Light transaction is seen as a better overall solution = and will=20 incorporate the information necessary from GSAKMP to stand alone as a=20 document.  When GSAKMP Light is re-released, it will be released as = GSAKMP=20 and will drop the mechanisms from the original five message transactions = that no=20 longer apply to the three message transaction.
 
Peter Lough
SPARTA, Inc.
------=_NextPart_000_0058_01C27F30.32AEA7E0-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Oct 29 20:35:37 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA04167 for ; Tue, 29 Oct 2002 20:35:36 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 883AE536EF; Tue, 29 Oct 2002 20:37:19 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id D3E2B53572 for ; Tue, 29 Oct 2002 15:35:02 -0500 (EST) Received: (qmail 76902 invoked by uid 3269); 29 Oct 2002 20:35:02 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 76899 invoked from network); 29 Oct 2002 20:35:01 -0000 Received: from sj-msg-core-4.cisco.com (171.71.163.54) by klesh.pair.com with SMTP; 29 Oct 2002 20:35:01 -0000 Received: from mira-sjc5-6.cisco.com (IDENT:mirapoint@mira-sjc5-6.cisco.com [171.71.163.23]) by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id g9TKZ0ot014887; Tue, 29 Oct 2002 12:35:00 -0800 (PST) Received: from CSCOAMERA13263.cisco.com (sjc-vpn3-578.cisco.com [10.21.66.66]) by mira-sjc5-6.cisco.com (Mirapoint Messaging Server MOS 3.1.0.66-GA) with ESMTP id AAU21538; Tue, 29 Oct 2002 12:31:24 -0800 (PST) Message-Id: <5.1.1.5.2.20021029123356.0210f6d0@mira-sjc5-6.cisco.com> X-Sender: mbaugher@mira-sjc5-6.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 To: "Peter Lough" From: Mark Baugher Subject: Re: [MSEC] GSAKMP Light Cookies Cc: In-Reply-To: <005b01c27f5a$1c1d4660$7750b99d@SNOWBALL> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 29 Oct 2002 12:34:56 -0800 hi Peter when I read that you all are incorporating additional ISAKMP features, I have to ask the question: What are the significant differentiators between GSAKMP Light and GDOI? regards, Mark At 09:47 AM 10/29/2002 -0500, Peter Lough wrote: > >Based on recommendations by Logica, GSAKMP Light will be using Cookies as >an anti-clogging mechanism in it's next revision. The mechanism will be >based on ISAKMP/IKE. Additionally, GSAKMP is being replaced in it's >entirety by GSAKMP Light. The original GSAKMP was originally being >tracked to become an informational RFC; however, the three message GSAKMP >Light transaction is seen as a better overall solution and will >incorporate the information necessary from GSAKMP to stand alone as a >document. When GSAKMP Light is re-released, it will be released as GSAKMP >and will drop the mechanisms from the original five message transactions >that no longer apply to the three message transaction. > >Peter Lough >SPARTA, Inc. _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Oct 29 20:38:44 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA04221 for ; Tue, 29 Oct 2002 20:38:43 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 9DDD1537DA; Tue, 29 Oct 2002 20:40:33 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id E0D8453572 for ; Tue, 29 Oct 2002 15:35:32 -0500 (EST) Received: (qmail 76985 invoked by uid 3269); 29 Oct 2002 20:35:32 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 76982 invoked from network); 29 Oct 2002 20:35:31 -0000 Received: from sj-msg-core-1.cisco.com (171.71.163.11) by klesh.pair.com with SMTP; 29 Oct 2002 20:35:31 -0000 Received: from mira-sjc5-6.cisco.com (IDENT:mirapoint@mira-sjc5-6.cisco.com [171.71.163.23]) by sj-msg-core-1.cisco.com (8.12.2/8.12.2) with ESMTP id g9TKZVPP009123 for ; Tue, 29 Oct 2002 12:35:31 -0800 (PST) Received: from CSCOAMERA13263.cisco.com (sjc-vpn3-578.cisco.com [10.21.66.66]) by mira-sjc5-6.cisco.com (Mirapoint Messaging Server MOS 3.1.0.66-GA) with ESMTP id AAU21553; Tue, 29 Oct 2002 12:31:55 -0800 (PST) Message-Id: <5.1.1.5.2.20021029123521.0210f6d0@agora.rdrop.com> X-Sender: mbaugher@mira-sjc5-6.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 To: msec@securemulticast.org From: Mark Baugher Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: [MSEC] Re: I-D ACTION:draft-ietf-msec-mesp-00.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 29 Oct 2002 12:35:28 -0800 Folks, We updated this draft to fix an error and also a diagram, which was very confusing. So, the I-D you should work from is at http://www.rdrop.com/users/mbaugher/I-D/draft-ietf-msec-mesp-00.txt thanks, Mark At 06:19 AM 10/29/2002 -0500, Internet-Drafts@ietf.org wrote: >A New Internet-Draft is available from the on-line Internet-Drafts >directories. >This draft is a work item of the Multicast Security Working Group of the IETF. > > Title : MESP: Multicast Encapsulating Security Payload > Author(s) : M. Baugher, R. Canetti et al. > Filename : draft-ietf-msec-mesp-00.txt > Pages : 16 > Date : 2002-10-28 > >Multicast ESP (MESP) is a security protocol for IP multicast data. >MESP extends the IPsec Encapsulating Security Payload (ESP) protocol >for multicast operation and supports source message authentication >for multicast packets. MESP offers three improvements to IPsec ESP >for multicast operation. First, it allows a mix of group-secrecy, >group-authentication, and source-authentication transforms to be >applied to an MESP packet. Second, it extends ESP to authenticate >messages sent by a member of the group using a digital signature or >hybrid MAC and signature transform. And third, MESP identifies a >security association (SA) using the IP address of the source in >addition to the destination address and SPI. > >A URL for this Internet-Draft is: >http://www.ietf.org/internet-drafts/draft-ietf-msec-mesp-00.txt > >To remove yourself from the IETF Announcement list, send a message to >ietf-announce-request with the word unsubscribe in the body of the message. > >Internet-Drafts are also available by anonymous FTP. Login with the username >"anonymous" and a password of your e-mail address. After logging in, >type "cd internet-drafts" and then > "get draft-ietf-msec-mesp-00.txt". > >A list of Internet-Drafts directories can be found in >http://www.ietf.org/shadow.html >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > >Internet-Drafts can also be obtained by e-mail. > >Send a message to: > mailserv@ietf.org. >In the body type: > "FILE /internet-drafts/draft-ietf-msec-mesp-00.txt". > >NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. >Content-Type: text/plain >Content-ID: <2002-10-28163608.I-D@ietf.org> > >ENCODING mime >FILE /internet-drafts/draft-ietf-msec-mesp-00.txt > > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Oct 29 20:39:20 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA04239 for ; Tue, 29 Oct 2002 20:39:20 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 0430153867; Tue, 29 Oct 2002 20:40:59 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id C9D085382A for ; Tue, 29 Oct 2002 18:34:01 -0500 (EST) Received: (qmail 5110 invoked by uid 3269); 29 Oct 2002 23:34:01 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 5107 invoked from network); 29 Oct 2002 23:34:01 -0000 Received: from sj-msg-core-3.cisco.com (171.70.157.152) by klesh.pair.com with SMTP; 29 Oct 2002 23:34:01 -0000 Received: from mira-sjc5-6.cisco.com (IDENT:mirapoint@mira-sjc5-6.cisco.com [171.71.163.23]) by sj-msg-core-3.cisco.com (8.12.2/8.12.2) with ESMTP id g9TNXpxF021951 for ; Tue, 29 Oct 2002 15:33:53 -0800 (PST) Received: from CSCOAMERA13263.cisco.com (sjc-vpn3-578.cisco.com [10.21.66.66]) by mira-sjc5-6.cisco.com (Mirapoint Messaging Server MOS 3.1.0.66-GA) with ESMTP id AAU27132; Tue, 29 Oct 2002 15:30:18 -0800 (PST) Message-Id: <5.1.1.5.2.20021029153351.02119be8@mira-sjc5-6.cisco.com> X-Sender: mbaugher@mira-sjc5-6.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 To: msec@securemulticast.org From: Mark Baugher Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: [MSEC] Re: I-D ACTION:draft-ietf-msec-mesp-00.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 29 Oct 2002 15:33:53 -0800 Folks, We updated this draft to fix an error and also a diagram, which was very confusing. So, the I-D you should work from is at http://www.rdrop.com/users/mbaugher/I-D/draft-ietf-msec-mesp-00.txt thanks, Mark At 06:19 AM 10/29/2002 -0500, Internet-Drafts@ietf.org wrote: >A New Internet-Draft is available from the on-line Internet-Drafts >directories. >This draft is a work item of the Multicast Security Working Group of the IETF. > > Title : MESP: Multicast Encapsulating Security Payload > Author(s) : M. Baugher, R. Canetti et al. > Filename : draft-ietf-msec-mesp-00.txt > Pages : 16 > Date : 2002-10-28 > >Multicast ESP (MESP) is a security protocol for IP multicast data. >MESP extends the IPsec Encapsulating Security Payload (ESP) protocol >for multicast operation and supports source message authentication >for multicast packets. MESP offers three improvements to IPsec ESP >for multicast operation. First, it allows a mix of group-secrecy, >group-authentication, and source-authentication transforms to be >applied to an MESP packet. Second, it extends ESP to authenticate >messages sent by a member of the group using a digital signature or >hybrid MAC and signature transform. And third, MESP identifies a >security association (SA) using the IP address of the source in >addition to the destination address and SPI. > >A URL for this Internet-Draft is: >http://www.ietf.org/internet-drafts/draft-ietf-msec-mesp-00.txt > >To remove yourself from the IETF Announcement list, send a message to >ietf-announce-request with the word unsubscribe in the body of the message. > >Internet-Drafts are also available by anonymous FTP. Login with the username >"anonymous" and a password of your e-mail address. After logging in, >type "cd internet-drafts" and then > "get draft-ietf-msec-mesp-00.txt". > >A list of Internet-Drafts directories can be found in >http://www.ietf.org/shadow.html >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > >Internet-Drafts can also be obtained by e-mail. > >Send a message to: > mailserv@ietf.org. >In the body type: > "FILE /internet-drafts/draft-ietf-msec-mesp-00.txt". > >NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. >Content-Type: text/plain >Content-ID: <2002-10-28163608.I-D@ietf.org> > >ENCODING mime >FILE /internet-drafts/draft-ietf-msec-mesp-00.txt > > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Oct 30 08:08:54 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA13224 for ; Wed, 30 Oct 2002 08:08:53 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 4175C537A9; Wed, 30 Oct 2002 08:10:46 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id B953253623 for ; Wed, 30 Oct 2002 08:09:29 -0500 (EST) Received: (qmail 89306 invoked by uid 3269); 30 Oct 2002 13:09:29 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 89303 invoked from network); 30 Oct 2002 13:09:29 -0000 Received: from prue.eim.surrey.ac.uk (131.227.76.5) by klesh.pair.com with SMTP; 30 Oct 2002 13:09:29 -0000 Received: from ccsrnrpc16.ee.surrey.ac.uk ([131.227.88.65] helo=eim.surrey.ac.uk) by prue.eim.surrey.ac.uk with esmtp (Exim 3.33 #4) id 186sav-0001Io-00 for msec@securemulticast.org; Wed, 30 Oct 2002 13:09:13 +0000 Message-ID: <3DBFD9F8.9B313D72@eim.surrey.ac.uk> From: Haitham Cruickshank Organization: CCSR X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: msec@securemulticast.org Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-100.7 required=7.0 tests=AWL,NOSPAM_INC,SPAM_PHRASE_01_02,USER_AGENT_MOZILLA_XM, USER_IN_WHITELIST,X_ACCEPT_LANG version=2.43 X-Scanner: exiscan *186sav-0001Io-00*bWLr6DDHdtc* (SECM, UniS) Subject: [MSEC] msec - group security policy Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 30 Oct 2002 13:09:12 +0000 Content-Transfer-Encoding: 7bit Hi All, Does anybody know, if there is a standard group policy token that can be used by secure group key management systems. This is important for people who are implementing GDOI or GSAKMP, where details of the policy functions and structures are required. Many thanks. Haitham -- Dr. Haitham S. Cruickshank Senior Research Fellow in Communications Centre for Communication Systems Research (CCSR) School of Electronics, Computing and Mathematics University of Surrey Guildford, Surrey GU2 7XH, UK Tel: +44 1483 686007 (indirect 689844) Fax: +44 1483 686011 e-mail: H.Cruickshank@surrey.ac.uk http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Oct 30 09:42:38 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA16816 for ; Wed, 30 Oct 2002 09:42:37 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id A914453606; Wed, 30 Oct 2002 09:44:29 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id BA61B53674 for ; Wed, 30 Oct 2002 09:43:23 -0500 (EST) Received: (qmail 5815 invoked by uid 3269); 30 Oct 2002 14:43:23 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 5812 invoked from network); 30 Oct 2002 14:43:23 -0000 Received: from m5.sparta.com (157.185.61.1) by klesh.pair.com with SMTP; 30 Oct 2002 14:43:23 -0000 Received: from columbia.sparta.com (columbia.sparta.com [157.185.80.205]) by M5.sparta.com (8.12.3/8.12.3) with ESMTP id g9UEhKlU028363; Wed, 30 Oct 2002 08:43:21 -0600 Received: from SNOWBALL (snowball.columbia.sparta.com [157.185.80.119]) by columbia.sparta.com (8.9.1a/8.9.1) with SMTP id JAA19325; Wed, 30 Oct 2002 09:43:19 -0500 (EST) Message-ID: <005f01c28022$f8259090$7750b99d@SNOWBALL> From: "Peter Lough" To: "Haitham Cruickshank" Cc: References: <3DBFD9F8.9B313D72@eim.surrey.ac.uk> Subject: Re: [MSEC] msec - group security policy MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Transfer-Encoding: 7bit Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 30 Oct 2002 09:45:18 -0500 Content-Transfer-Encoding: 7bit Haitham, To the best of my knowledge, GDOI does not use a policy token. Thomas Hardjono et al published an ID (draft-ietf-msec-gspt-01) last year on a Group Security Policy Token that described a set of elements that make up a policy token for a given group and defined a mapping for an IPSec Policy Token, but no standard exists. GSAKMP will be releasing the first revision of our policy token in the near future. Sunil Iyengar in your department has an advanced copy of it if you would like to review it. Our policy token was created as a general implementation that could provide a general use cryptographic key with extensible authorizations, access controls and mechanisms. The current plan is to release it as an appendix to GSAKMP and later move it to a stand alone specification. Peter Lough SPARTA, Inc. ----- Original Message ----- From: "Haitham Cruickshank" To: Sent: Wednesday, October 30, 2002 8:09 AM Subject: [MSEC] msec - group security policy > Hi All, > > Does anybody know, if there is a standard group policy token that can be > used by secure group key management systems. This is important for > people who are implementing GDOI or GSAKMP, where details of the policy > functions and structures are required. > > Many thanks. > Haitham > > -- > Dr. Haitham S. Cruickshank > > Senior Research Fellow in Communications > Centre for Communication Systems Research (CCSR) > School of Electronics, Computing and Mathematics > University of Surrey > Guildford, Surrey GU2 7XH, UK > > Tel: +44 1483 686007 (indirect 689844) > Fax: +44 1483 686011 > e-mail: H.Cruickshank@surrey.ac.uk > http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ > > > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Oct 30 10:36:10 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA20419 for ; Wed, 30 Oct 2002 10:36:10 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 8D7D953633; Wed, 30 Oct 2002 10:38:02 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 9D8F25355A for ; Wed, 30 Oct 2002 10:37:44 -0500 (EST) Received: (qmail 19961 invoked by uid 3269); 30 Oct 2002 15:37:44 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 19958 invoked from network); 30 Oct 2002 15:37:44 -0000 Received: from prue.eim.surrey.ac.uk (131.227.76.5) by klesh.pair.com with SMTP; 30 Oct 2002 15:37:44 -0000 Received: from ccsrnrpc16.ee.surrey.ac.uk ([131.227.88.65] helo=eim.surrey.ac.uk) by prue.eim.surrey.ac.uk with esmtp (Exim 3.33 #4) id 186uuT-0006GB-00; Wed, 30 Oct 2002 15:37:33 +0000 Message-ID: <3DBFFCB9.46DC6DE4@eim.surrey.ac.uk> From: Haitham Cruickshank Organization: CCSR X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Lough Cc: msec@securemulticast.org Subject: Re: [MSEC] msec - group security policy References: <3DBFD9F8.9B313D72@eim.surrey.ac.uk> <005f01c28022$f8259090$7750b99d@SNOWBALL> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-102.2 required=7.0 tests=AWL,EMAIL_ATTRIBUTION,NOSPAM_INC,QUOTED_EMAIL_TEXT, REFERENCES,SPAM_PHRASE_01_02,USER_AGENT_MOZILLA_XM, USER_IN_WHITELIST,X_ACCEPT_LANG version=2.43 X-Scanner: exiscan *186uuT-0006GB-00*SO4Mh6diDlU* (SECM, UniS) Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 30 Oct 2002 15:37:29 +0000 Content-Transfer-Encoding: 7bit Hi Peter, Peter Lough wrote: > Haitham, > > To the best of my knowledge, GDOI does not use a policy token. Thomas > Hardjono et al published an ID (draft-ietf-msec-gspt-01) last year on a > Group Security Policy Token that described a set of elements that make up a > policy token for a given group and defined a mapping for an IPSec Policy > Token, but no standard exists. > > GSAKMP will be releasing the first revision of our policy token in the near > future. Sunil Iyengar in your department has an advanced copy of it if you > would like to review it. I know that, of course. > Our policy token was created as a general > implementation that could provide a general use cryptographic key with > extensible authorizations, access controls and mechanisms. That is good. My real question to msec group is to find consensus for a standard way to define and implement group security policies. > > > The current plan is to release it as an appendix to GSAKMP and later move it > to a stand alone specification. That is great and many thanks. Haitham > > > Peter Lough > SPARTA, Inc. > > ----- Original Message ----- > From: "Haitham Cruickshank" > To: > Sent: Wednesday, October 30, 2002 8:09 AM > Subject: [MSEC] msec - group security policy > > > Hi All, > > > > Does anybody know, if there is a standard group policy token that can be > > used by secure group key management systems. This is important for > > people who are implementing GDOI or GSAKMP, where details of the policy > > functions and structures are required. > > > > Many thanks. > > Haitham > > > > -- > > Dr. Haitham S. Cruickshank > > > > Senior Research Fellow in Communications > > Centre for Communication Systems Research (CCSR) > > School of Electronics, Computing and Mathematics > > University of Surrey > > Guildford, Surrey GU2 7XH, UK > > > > Tel: +44 1483 686007 (indirect 689844) > > Fax: +44 1483 686011 > > e-mail: H.Cruickshank@surrey.ac.uk > > http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ > > > > > > > > _______________________________________________ > > msec mailing list > > msec@securemulticast.org > > http://www.pairlist.net/mailman/listinfo/msec > > > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec -- Dr. Haitham S. Cruickshank Senior Research Fellow in Communications Centre for Communication Systems Research (CCSR) School of Electronics, Computing and Mathematics University of Surrey Guildford, Surrey GU2 7XH, UK Tel: +44 1483 686007 (indirect 689844) Fax: +44 1483 686011 e-mail: H.Cruickshank@surrey.ac.uk http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Oct 30 12:44:12 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA28594 for ; Wed, 30 Oct 2002 12:44:12 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 8C45B53821; Wed, 30 Oct 2002 12:46:03 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id CC69553633 for ; Wed, 30 Oct 2002 12:44:28 -0500 (EST) Received: (qmail 41891 invoked by uid 3269); 30 Oct 2002 17:44:28 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 41888 invoked from network); 30 Oct 2002 17:44:28 -0000 Received: from sj-msg-core-4.cisco.com (171.71.163.54) by klesh.pair.com with SMTP; 30 Oct 2002 17:44:28 -0000 Received: from mira-sjc5-6.cisco.com (IDENT:mirapoint@mira-sjc5-6.cisco.com [171.71.163.23]) by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id g9UHhZot014497; Wed, 30 Oct 2002 09:43:53 -0800 (PST) Received: from CSCOAMERA13263.mbaugher.com (sjc-vpn3-710.cisco.com [10.21.66.198]) by mira-sjc5-6.cisco.com (Mirapoint Messaging Server MOS 3.1.0.66-GA) with ESMTP id AAU43914; Wed, 30 Oct 2002 09:39:53 -0800 (PST) Message-Id: <5.1.1.5.2.20021030094035.04a69908@agora.rdrop.com> X-Sender: mbaugher@agora.rdrop.com X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 To: Haitham Cruickshank From: Mark Baugher Subject: Re: [MSEC] msec - group security policy Cc: Peter Lough , msec@securemulticast.org In-Reply-To: <3DBFFCB9.46DC6DE4@eim.surrey.ac.uk> References: <3DBFD9F8.9B313D72@eim.surrey.ac.uk> <005f01c28022$f8259090$7750b99d@SNOWBALL> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 30 Oct 2002 09:43:27 -0800 hello Haitham and Peter, GDOI does not incorporate the policy token. We would like to get an MSEC definition from the policy token. Speaking for myself, it would be a real service to the MSEC WG if some of the people working on the policy token would step up to the task of developing the MSEC I-D on this topic. It sounds like Peter said that he was going to do that? Peter, did you get my earlier question about ISAKMP, GDOI, and GSAKMP? Should I resend it? thanks, Mark At 03:37 PM 10/30/2002 +0000, Haitham Cruickshank wrote: >Hi Peter, > >Peter Lough wrote: > > > Haitham, > > > > To the best of my knowledge, GDOI does not use a policy token. Thomas > > Hardjono et al published an ID (draft-ietf-msec-gspt-01) last year on a > > Group Security Policy Token that described a set of elements that make up a > > policy token for a given group and defined a mapping for an IPSec Policy > > Token, but no standard exists. > > > > GSAKMP will be releasing the first revision of our policy token in the near > > future. Sunil Iyengar in your department has an advanced copy of it if you > > would like to review it. > >I know that, of course. > > > Our policy token was created as a general > > implementation that could provide a general use cryptographic key with > > extensible authorizations, access controls and mechanisms. > >That is good. My real question to msec group is to find consensus for a >standard way to define and implement group security policies. > > > > > > > The current plan is to release it as an appendix to GSAKMP and later > move it > > to a stand alone specification. > >That is great and many thanks. >Haitham > > > > > > > Peter Lough > > SPARTA, Inc. > > > > ----- Original Message ----- > > From: "Haitham Cruickshank" > > To: > > Sent: Wednesday, October 30, 2002 8:09 AM > > Subject: [MSEC] msec - group security policy > > > > > Hi All, > > > > > > Does anybody know, if there is a standard group policy token that can be > > > used by secure group key management systems. This is important for > > > people who are implementing GDOI or GSAKMP, where details of the policy > > > functions and structures are required. > > > > > > Many thanks. > > > Haitham > > > > > > -- > > > Dr. Haitham S. Cruickshank > > > > > > Senior Research Fellow in Communications > > > Centre for Communication Systems Research (CCSR) > > > School of Electronics, Computing and Mathematics > > > University of Surrey > > > Guildford, Surrey GU2 7XH, UK > > > > > > Tel: +44 1483 686007 (indirect 689844) > > > Fax: +44 1483 686011 > > > e-mail: H.Cruickshank@surrey.ac.uk > > > http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ > > > > > > > > > > > > _______________________________________________ > > > msec mailing list > > > msec@securemulticast.org > > > http://www.pairlist.net/mailman/listinfo/msec > > > > > > > _______________________________________________ > > msec mailing list > > msec@securemulticast.org > > http://www.pairlist.net/mailman/listinfo/msec > >-- >Dr. Haitham S. Cruickshank > >Senior Research Fellow in Communications >Centre for Communication Systems Research (CCSR) >School of Electronics, Computing and Mathematics >University of Surrey >Guildford, Surrey GU2 7XH, UK > >Tel: +44 1483 686007 (indirect 689844) >Fax: +44 1483 686011 >e-mail: H.Cruickshank@surrey.ac.uk >http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ > > > >_______________________________________________ >msec mailing list >msec@securemulticast.org >http://www.pairlist.net/mailman/listinfo/msec _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Oct 30 12:50:34 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA28929 for ; Wed, 30 Oct 2002 12:50:34 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id ECC3B53834; Wed, 30 Oct 2002 12:52:24 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id CDBB253816 for ; Wed, 30 Oct 2002 12:51:15 -0500 (EST) Received: (qmail 42995 invoked by uid 3269); 30 Oct 2002 17:51:15 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 42992 invoked from network); 30 Oct 2002 17:51:15 -0000 Received: from m5.sparta.com (157.185.61.1) by klesh.pair.com with SMTP; 30 Oct 2002 17:51:15 -0000 Received: from columbia.sparta.com (columbia.sparta.com [157.185.80.205]) by M5.sparta.com (8.12.3/8.12.3) with ESMTP id g9UHp5lU003080; Wed, 30 Oct 2002 11:51:06 -0600 Received: from robin (robin.columbia.sparta.com [157.185.80.228]) by columbia.sparta.com (8.9.1a/8.9.1) with ESMTP id MAA21941; Wed, 30 Oct 2002 12:51:02 -0500 (EST) Message-Id: <4.2.2.20021030125153.013d1160@pop.columbia.sparta.com> X-Sender: hh@pop.columbia.sparta.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 To: Mark Baugher , Haitham Cruickshank From: Hugh Harney Subject: Re: [MSEC] msec - group security policy Cc: Peter Lough , msec@securemulticast.org In-Reply-To: <5.1.1.5.2.20021030094035.04a69908@agora.rdrop.com> References: <3DBFFCB9.46DC6DE4@eim.surrey.ac.uk> <3DBFD9F8.9B313D72@eim.surrey.ac.uk> <005f01c28022$f8259090$7750b99d@SNOWBALL> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 30 Oct 2002 12:53:00 -0500 Mark, We plan on coming up with a proposed MSEC definition of a policy token. We have one 80% completed and are finishing it up. I'm also putting together a detailed response on your earlier query. Hugh At 09:43 AM 10/30/02 -0800, Mark Baugher wrote: >hello Haitham and Peter, > GDOI does not incorporate the policy token. We would like to get an > MSEC definition from the policy token. Speaking for myself, it would be > a real service to the MSEC WG if some of the people working on the policy > token would step up to the task of developing the MSEC I-D on this > topic. It sounds like Peter said that he was going to do that? > > Peter, did you get my earlier question about ISAKMP, GDOI, and > GSAKMP? Should I resend it? > >thanks, Mark > >At 03:37 PM 10/30/2002 +0000, Haitham Cruickshank wrote: >>Hi Peter, >> >>Peter Lough wrote: >> >> > Haitham, >> > >> > To the best of my knowledge, GDOI does not use a policy token. Thomas >> > Hardjono et al published an ID (draft-ietf-msec-gspt-01) last year on a >> > Group Security Policy Token that described a set of elements that make >> up a >> > policy token for a given group and defined a mapping for an IPSec Policy >> > Token, but no standard exists. >> > >> > GSAKMP will be releasing the first revision of our policy token in the >> near >> > future. Sunil Iyengar in your department has an advanced copy of it >> if you >> > would like to review it. >> >>I know that, of course. >> >> > Our policy token was created as a general >> > implementation that could provide a general use cryptographic key with >> > extensible authorizations, access controls and mechanisms. >> >>That is good. My real question to msec group is to find consensus for a >>standard way to define and implement group security policies. >> >> > >> > >> > The current plan is to release it as an appendix to GSAKMP and later >> move it >> > to a stand alone specification. >> >>That is great and many thanks. >>Haitham >> >> > >> > >> > Peter Lough >> > SPARTA, Inc. >> > >> > ----- Original Message ----- >> > From: "Haitham Cruickshank" >> > To: >> > Sent: Wednesday, October 30, 2002 8:09 AM >> > Subject: [MSEC] msec - group security policy >> > >> > > Hi All, >> > > >> > > Does anybody know, if there is a standard group policy token that can be >> > > used by secure group key management systems. This is important for >> > > people who are implementing GDOI or GSAKMP, where details of the policy >> > > functions and structures are required. >> > > >> > > Many thanks. >> > > Haitham >> > > >> > > -- >> > > Dr. Haitham S. Cruickshank >> > > >> > > Senior Research Fellow in Communications >> > > Centre for Communication Systems Research (CCSR) >> > > School of Electronics, Computing and Mathematics >> > > University of Surrey >> > > Guildford, Surrey GU2 7XH, UK >> > > >> > > Tel: +44 1483 686007 (indirect 689844) >> > > Fax: +44 1483 686011 >> > > e-mail: H.Cruickshank@surrey.ac.uk >> > > http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ >> > > >> > > >> > > >> > > _______________________________________________ >> > > msec mailing list >> > > msec@securemulticast.org >> > > http://www.pairlist.net/mailman/listinfo/msec >> > > >> > >> > _______________________________________________ >> > msec mailing list >> > msec@securemulticast.org >> > http://www.pairlist.net/mailman/listinfo/msec >> >>-- >>Dr. Haitham S. Cruickshank >> >>Senior Research Fellow in Communications >>Centre for Communication Systems Research (CCSR) >>School of Electronics, Computing and Mathematics >>University of Surrey >>Guildford, Surrey GU2 7XH, UK >> >>Tel: +44 1483 686007 (indirect 689844) >>Fax: +44 1483 686011 >>e-mail: H.Cruickshank@surrey.ac.uk >>http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ >> >> >> >>_______________________________________________ >>msec mailing list >>msec@securemulticast.org >>http://www.pairlist.net/mailman/listinfo/msec > > >_______________________________________________ >msec mailing list >msec@securemulticast.org >http://www.pairlist.net/mailman/listinfo/msec ________________________________________________________ Hugh Harney hh@sparta.com 410-381-9400 x203 ________________________________________________________ _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Oct 30 13:16:09 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA00518 for ; Wed, 30 Oct 2002 13:16:09 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 3802B5378B; Wed, 30 Oct 2002 13:18:02 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 26B4C5378B for ; Wed, 30 Oct 2002 13:16:15 -0500 (EST) Received: (qmail 48051 invoked by uid 3269); 30 Oct 2002 18:16:15 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 48048 invoked from network); 30 Oct 2002 18:16:15 -0000 Received: from prue.eim.surrey.ac.uk (131.227.76.5) by klesh.pair.com with SMTP; 30 Oct 2002 18:16:14 -0000 Received: from ccsrnrpc16.ee.surrey.ac.uk ([131.227.88.65] helo=eim.surrey.ac.uk) by prue.eim.surrey.ac.uk with esmtp (Exim 3.33 #4) id 186xNq-00047y-00; Wed, 30 Oct 2002 18:16:02 +0000 Message-ID: <3DC021DE.8D3AAC3F@eim.surrey.ac.uk> From: Haitham Cruickshank Organization: CCSR X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Mark Baugher Cc: Peter Lough , msec@securemulticast.org Subject: Re: [MSEC] msec - group security policy References: <3DBFD9F8.9B313D72@eim.surrey.ac.uk> <005f01c28022$f8259090$7750b99d@SNOWBALL> <5.1.1.5.2.20021030094035.04a69908@agora.rdrop.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-102.2 required=7.0 tests=AWL,EMAIL_ATTRIBUTION,NOSPAM_INC,QUOTED_EMAIL_TEXT, REFERENCES,SPAM_PHRASE_01_02,USER_AGENT_MOZILLA_XM, USER_IN_WHITELIST,X_ACCEPT_LANG version=2.43 X-Scanner: exiscan *186xNq-00047y-00*2azOOuizk36* (SECM, UniS) Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 30 Oct 2002 18:15:58 +0000 Content-Transfer-Encoding: 7bit Hi Mark and Peter Mark Baugher wrote: > hello Haitham and Peter, > GDOI does not incorporate the policy token. We would like to get an > MSEC definition from the policy token. Speaking for myself, it would be a > real service to the MSEC WG if some of the people working on the policy > token would step up to the task of developing the MSEC I-D on this > topic. It sounds like Peter said that he was going to do that? Yes I totally agree with Mark that a policy token is an important issue and we would like it to be defined as soon as possible. We will be glad to provide input and feedback. Haitham > > > Peter, did you get my earlier question about ISAKMP, GDOI, and > GSAKMP? Should I resend it? > > thanks, Mark > > At 03:37 PM 10/30/2002 +0000, Haitham Cruickshank wrote: > >Hi Peter, > > > >Peter Lough wrote: > > > > > Haitham, > > > > > > To the best of my knowledge, GDOI does not use a policy token. Thomas > > > Hardjono et al published an ID (draft-ietf-msec-gspt-01) last year on a > > > Group Security Policy Token that described a set of elements that make up a > > > policy token for a given group and defined a mapping for an IPSec Policy > > > Token, but no standard exists. > > > > > > GSAKMP will be releasing the first revision of our policy token in the near > > > future. Sunil Iyengar in your department has an advanced copy of it if you > > > would like to review it. > > > >I know that, of course. > > > > > Our policy token was created as a general > > > implementation that could provide a general use cryptographic key with > > > extensible authorizations, access controls and mechanisms. > > > >That is good. My real question to msec group is to find consensus for a > >standard way to define and implement group security policies. > > > > > > > > > > > The current plan is to release it as an appendix to GSAKMP and later > > move it > > > to a stand alone specification. > > > >That is great and many thanks. > >Haitham > > > > > > > > > > > Peter Lough > > > SPARTA, Inc. > > > > > > ----- Original Message ----- > > > From: "Haitham Cruickshank" > > > To: > > > Sent: Wednesday, October 30, 2002 8:09 AM > > > Subject: [MSEC] msec - group security policy > > > > > > > Hi All, > > > > > > > > Does anybody know, if there is a standard group policy token that can be > > > > used by secure group key management systems. This is important for > > > > people who are implementing GDOI or GSAKMP, where details of the policy > > > > functions and structures are required. > > > > > > > > Many thanks. > > > > Haitham > > > > > > > > -- > > > > Dr. Haitham S. Cruickshank > > > > > > > > Senior Research Fellow in Communications > > > > Centre for Communication Systems Research (CCSR) > > > > School of Electronics, Computing and Mathematics > > > > University of Surrey > > > > Guildford, Surrey GU2 7XH, UK > > > > > > > > Tel: +44 1483 686007 (indirect 689844) > > > > Fax: +44 1483 686011 > > > > e-mail: H.Cruickshank@surrey.ac.uk > > > > http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ > > > > > > > > > > > > > > > > _______________________________________________ > > > > msec mailing list > > > > msec@securemulticast.org > > > > http://www.pairlist.net/mailman/listinfo/msec > > > > > > > > > > _______________________________________________ > > > msec mailing list > > > msec@securemulticast.org > > > http://www.pairlist.net/mailman/listinfo/msec > > > >-- > >Dr. Haitham S. Cruickshank > > > >Senior Research Fellow in Communications > >Centre for Communication Systems Research (CCSR) > >School of Electronics, Computing and Mathematics > >University of Surrey > >Guildford, Surrey GU2 7XH, UK > > > >Tel: +44 1483 686007 (indirect 689844) > >Fax: +44 1483 686011 > >e-mail: H.Cruickshank@surrey.ac.uk > >http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ > > > > > > > >_______________________________________________ > >msec mailing list > >msec@securemulticast.org > >http://www.pairlist.net/mailman/listinfo/msec > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec -- Dr. Haitham S. Cruickshank Senior Research Fellow in Communications Centre for Communication Systems Research (CCSR) School of Electronics, Computing and Mathematics University of Surrey Guildford, Surrey GU2 7XH, UK Tel: +44 1483 686007 (indirect 689844) Fax: +44 1483 686011 e-mail: H.Cruickshank@surrey.ac.uk http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Oct 31 03:48:32 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA10561 for ; Thu, 31 Oct 2002 03:48:31 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 5F3C25367F; Thu, 31 Oct 2002 03:50:17 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 27B2253687 for ; Thu, 31 Oct 2002 03:48:24 -0500 (EST) Received: (qmail 9240 invoked by uid 3269); 31 Oct 2002 08:48:24 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 9237 invoked from network); 31 Oct 2002 08:48:23 -0000 Received: from thoth.sbs.de (192.35.17.2) by klesh.pair.com with SMTP; 31 Oct 2002 08:48:23 -0000 Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.11.6/8.11.6) with ESMTP id g9V8mMx08623 for ; Thu, 31 Oct 2002 09:48:22 +0100 (MET) Received: from mail-k.mchp.siemens.de (mail-k.mchp.siemens.de [139.23.202.237]) by mail1.siemens.de (8.11.6/8.11.6) with ESMTP id g9V8mMV23819 for ; Thu, 31 Oct 2002 09:48:22 +0100 (MET) Received: from mhpaba5c (mhpaba5c [139.23.204.46]) by mail-k.mchp.siemens.de with ESMTP id g9V8mO5V006553 for ; Thu, 31 Oct 2002 09:48:24 +0100 (MET) From: "Steffen Fries" Organization: Siemens AG To: msec@securemulticast.org MIME-Version: 1.0 Reply-To: steffen.fries@siemens.com Message-ID: <3DC0FC65.18121.9E20725@localhost> Priority: normal X-mailer: Pegasus Mail for Windows (v4.02a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Subject: [MSEC] MIKEY question Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 31 Oct 2002 09:48:21 +0100 Content-Transfer-Encoding: 7BIT Hi, I'm just working through SRTP and MIKEY protocols. Is it necessary to exchange also the SRTCP index in MIKEY. If yes, how is this parameter being transmitted? Steffen _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Oct 31 06:16:29 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA13307 for ; Thu, 31 Oct 2002 06:16:29 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 16A375363B; Thu, 31 Oct 2002 06:18:19 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 2786E53609 for ; Thu, 31 Oct 2002 06:16:55 -0500 (EST) Received: (qmail 23472 invoked by uid 3269); 31 Oct 2002 11:16:55 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 23469 invoked from network); 31 Oct 2002 11:16:55 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 31 Oct 2002 11:16:55 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA13027; Thu, 31 Oct 2002 06:14:19 -0500 (EST) Message-Id: <200210311114.GAA13027@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: msec@securemulticast.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-tesla-spec-00.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 31 Oct 2002 06:14:14 -0500 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : TESLA: Multicast Source Authentication Transform Specification Author(s) : R. Canetti, A. Perrig, B. Whillock Filename : draft-ietf-msec-tesla-spec-00.txt Pages : 30 Date : 2002-10-30 Data authentication is an important component for many applications, for example audio and video Internet broadcasts, or data distribution by satellite. This document specifies TESLA, a secure source authen¡ tication mechanism for multicast or broadcast data streams. The com¡ panion draft draft-msec-tesla-intro-01.txt [1] introduces and describes TESLA in detail, this document specifies the format of the TESLA authentication field as it is used within the MESP header [2]. The main deterrents so far for a data authentication mechanism for multicast were seemingly conflicting requirements: tolerance to packet loss, low per-packet overhead, low computation overhead, scal¡ ability, no per-receiver state at the sender. The problem is particu¡ larly hard in settings with high packet loss rates and where lost packets are not retransmitted, and where the receiver wants to authenticate each packet it receives. TESLA provides multicast source authentication of individual data packets, regardless of the packet loss rate. In addition, TESLA features low overhead for both sender and receiver, and does not require per-receiver state at the sender. TESLA is secure as long as the sender and receiver are loosely time synchronized. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-tesla-spec-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-tesla-spec-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-tesla-spec-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2002-10-30155608.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-tesla-spec-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-tesla-spec-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2002-10-30155608.I-D@ietf.org> --OtherAccess-- --NextPart-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Oct 31 07:14:46 2002 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA15416 for ; Thu, 31 Oct 2002 07:14:45 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 2DE825384F; Thu, 31 Oct 2002 07:16:18 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 267615366F for ; Thu, 31 Oct 2002 07:15:53 -0500 (EST) Received: (qmail 28385 invoked by uid 3269); 31 Oct 2002 12:15:53 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 28382 invoked from network); 31 Oct 2002 12:15:52 -0000 Received: from penguin-ext.wise.edt.ericsson.se (HELO penguin.wise.edt.ericsson.se) (193.180.251.47) by klesh.pair.com with SMTP; 31 Oct 2002 12:15:52 -0000 Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id g9VCFpQ3009427; Thu, 31 Oct 2002 13:15:51 +0100 (MET) Received: by esealnt610.al.sw.ericsson.se with Internet Mail Service (5.5.2655.55) id ; Thu, 31 Oct 2002 13:15:51 +0100 Message-ID: <4E85E49D1F0CBF4F96EA08E335750D7D028386A9@Esealnt877.al.sw.ericsson.se> From: "Elisabetta Carrara (EAB)" To: "'steffen.fries@siemens.com'" Cc: msec@securemulticast.org Subject: RE: [MSEC] MIKEY question MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 31 Oct 2002 13:16:06 +0100 Hi Steffen, no, we don't believe it is needed as we could not identify any serious attack. cheers /E > -----Original Message----- > From: Steffen Fries [mailto:steffen.fries@siemens.com] > Sent: den 31 oktober 2002 09:48 > To: msec@securemulticast.org > Subject: [MSEC] MIKEY question > > > Hi, > > I'm just working through SRTP and MIKEY protocols. > > Is it necessary to exchange also the SRTCP index in MIKEY. If > yes, how is this parameter being transmitted? > > Steffen > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec