From msec-admin@securemulticast.org Mon Nov 3 12:36:39 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA11844 for ; Mon, 3 Nov 2003 12:36:39 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 6CA035380D; Mon, 3 Nov 2003 12:36:12 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 08C1953910 for ; Mon, 3 Nov 2003 12:34:23 -0500 (EST) Received: (qmail 58709 invoked by uid 3269); 3 Nov 2003 17:34:23 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 58705 invoked from network); 3 Nov 2003 17:34:22 -0000 Received: from sj-iport-5.cisco.com (171.68.10.87) by klesh.pair.com with SMTP; 3 Nov 2003 17:34:22 -0000 Received: from cisco.com (64.102.124.13) by sj-iport-5.cisco.com with ESMTP; 03 Nov 2003 09:35:16 -0800 Received: from cscoamera13263.cisco.com (rtp-vpn2-88.cisco.com [10.82.240.88]) by rtp-core-2.cisco.com (8.12.9/8.12.6) with ESMTP id hA3HYJRM014123 for ; Mon, 3 Nov 2003 12:34:20 -0500 (EST) Message-Id: <6.0.0.22.2.20031103093302.038710f0@mira-sjc5-6.cisco.com> X-Sender: mbaugher@mira-sjc5-6.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 To: msec@securemulticast.org From: Mark Baugher Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: [MSEC] I see we conflict with avt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Mon, 03 Nov 2003 09:34:16 -0800 hi I thought we were going to request that we not conflict with avt and mmusic in the IETF schedule. I'm sure it's too late to change the schedule, so please pardon my whining. Mark _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 4 19:54:37 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA13641 for ; Tue, 4 Nov 2003 19:54:34 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 8101A536BE; Tue, 4 Nov 2003 19:53:53 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id AE25A5368F for ; Tue, 4 Nov 2003 19:51:17 -0500 (EST) Received: (qmail 41784 invoked by uid 3269); 5 Nov 2003 00:51:17 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 41781 invoked from network); 5 Nov 2003 00:51:17 -0000 Received: from web12506.mail.yahoo.com (216.136.173.198) by klesh.pair.com with SMTP; 5 Nov 2003 00:51:17 -0000 Message-ID: <20031105005111.48768.qmail@web12506.mail.yahoo.com> Received: from [65.205.251.51] by web12506.mail.yahoo.com via HTTP; Tue, 04 Nov 2003 16:51:11 PST From: Thomas Hardjono To: msec@securemulticast.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [MSEC] MSEC Agenda for Minneapolis as of today Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 4 Nov 2003 16:51:11 -0800 (PST) Folks, Here is the MSEC Agenda as of today. Note that there is a strong possibility MSEC will not meet in Korea in March 2004. Thus, if you have some work items/issues to discuss, this coming MSEC meeting would be opportune. MSEC WG Agenda: --------------- - Review of WG status (T. Hardjono/R. Canetti) - GSAKMP Update (H. Harney/A. Colegrove) - MSEC and AAA/Diameter (G. Gross) - State of DHHMAC-04 (M. Euchner) Please email Ran/Thomas for corrections/additions. Note that at the moment MSEC will meet on: MONDAY, November 10, 2003 0900-1130 Morning Sessions Regards Thomas/Ran ---------- __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 5 09:06:14 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA05980 for ; Wed, 5 Nov 2003 09:06:13 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 7AB85537C6; Wed, 5 Nov 2003 08:59:47 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 2FB265364F for ; Tue, 4 Nov 2003 13:39:53 -0500 (EST) Received: (qmail 69322 invoked by uid 3269); 4 Nov 2003 18:39:53 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 69319 invoked from network); 4 Nov 2003 18:39:53 -0000 Received: from peacock.verisign.com (65.205.251.73) by klesh.pair.com with SMTP; 4 Nov 2003 18:39:53 -0000 Received: from mou1wnexc02.vcorp.ad.vrsn.com (verisign.com [65.205.251.54]) by peacock.verisign.com (8.12.10/) with ESMTP id hA4IdpPD029991; Tue, 4 Nov 2003 10:39:52 -0800 (PST) Received: from mou1thardjon-l1.verisign.com (mou1thardjon-l1.vcorp.ad.vrsn.com [10.25.161.230]) by mou1wnexc02.vcorp.ad.vrsn.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id V93QH24Q; Tue, 4 Nov 2003 10:39:51 -0800 Message-Id: <6.0.0.22.2.20031104103528.01d996e0@pop.mail.yahoo.com> X-Sender: thardjono@MOU1WNEXM03.verisign.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 To: msec@securemulticast.org From: Thomas Hardjono Cc: thardjono@verisign.com, canetti@watson.ibm.com Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: [MSEC] MSEC Agenda for Minneapolis as of today Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 04 Nov 2003 10:39:47 -0800 Folks, Here is the MSEC Agenda as of today. Note that there is a strong possibility MSEC will not meet in Korea in March 2004. Thus, if you have some work items/issues to discuss, this coming MSEC meeting would be opportune. MSEC WG Agenda: --------------- - Review of WG status (T. Hardjono/R. Canetti) - GSAKMP Update (H. Harney/A. Colegrove) - MSEC and AAA/Diameter (G. Gross) - State of DHHMAC-04 (M. Euchner) Please email Ran/Thomas for corrections/additions. Note that at the moment MSEC will meet on: MONDAY, November 10, 2003 0900-1130 Morning Sessions Regards Thomas/Ran ---------- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 11 23:01:17 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA06637 for ; Tue, 11 Nov 2003 23:01:17 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 84AE5536D0; Tue, 11 Nov 2003 22:56:37 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 19BB353649 for ; Tue, 11 Nov 2003 22:55:36 -0500 (EST) Received: (qmail 1179 invoked by uid 3269); 12 Nov 2003 03:55:36 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 1176 invoked from network); 12 Nov 2003 03:55:35 -0000 Received: from igw2.watson.ibm.com (129.34.20.6) by klesh.pair.com with SMTP; 12 Nov 2003 03:55:35 -0000 Received: from sp1n293en1.watson.ibm.com (sp1n293en1.watson.ibm.com [9.2.112.57]) by igw2.watson.ibm.com (8.11.7-20030924/8.11.4) with ESMTP id hAC3tP030582; Tue, 11 Nov 2003 22:55:25 -0500 Received: from ornavella.watson.ibm.com (localhost [127.0.0.1]) by sp1n293en1.watson.ibm.com (8.11.7-20030924/8.11.7) with ESMTP id hAC3tPi43804; Tue, 11 Nov 2003 22:55:25 -0500 Received: from localhost (canetti@localhost) by ornavella.watson.ibm.com (AIX5.1/8.11.6p2/8.11.0/03-06-2002) with ESMTP id hAC3tIn31084; Tue, 11 Nov 2003 22:55:19 -0500 From: canetti To: housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: [MSEC] Brief summary of msec meeting at 58th IETF Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 11 Nov 2003 22:55:18 -0500 (EST) Folks, Following is a brief summary of MSEC meeting in 58th IETF, and the expected deliverables within the coming months. (This is NOT the minutes. These will come later.) Ran and Thomas Status and discussion of active I-Ds: * MSEC architecture draft: Past preliminary revision of ADs, to be updated and submitted to IESG. (Was not discussed at the meeting.) * MIKEY draft: Got comments from IESG. Comments and proposed changes were presented. A revised draft to be submitted within few weeks. * GKM architecture draft: Passed WG last call. Comments and proposed changes presented. To be updated and handed over to the ADs within few weeks. * GSAKMP draft: New and greatly updated version was just submitted. Main changes were presented. To be ready for WG last call before next IETF meeting. * DHHMAC draft: Passed WG last call. Main outstanding issue: Does this draft has constituency within MSEC. In discussion some points of merit were pointed out, and it was decided to ask the authors of DHHMAC to elaborate in the daft on the uses of DHHMAC within msec, and hand DHHMAC to the ADs for IESG approval. * MESP document: Old draft to be updated considerably, to reflect the fact that msec has decided to work directly with ESP, following the incorporation of MSEC's needs into IPSEC's ESPbis. New version to be submitted before the next IETF meeting. Further discussion: * George Gross discussed the interaction of AAA with MSEC's policy token and key management. It was accepted that the duscussion be incorporated within the policy token document. * Ran suggested that there be an additional document that specifies the how MSEC's key management protocols can be used for application-layer data protection protocols such as SRTP or smime. The suggestion was favorably received. Additional expected deliverables before the next IETF: * First version of requirements document * Last call for the TESLA informational draft _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 03:44:25 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA11120 for ; Wed, 12 Nov 2003 03:44:24 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 9DD8253560; Wed, 12 Nov 2003 03:44:04 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 2A99253560 for ; Wed, 12 Nov 2003 03:42:31 -0500 (EST) Received: (qmail 86907 invoked by uid 3269); 12 Nov 2003 08:42:31 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 86904 invoked from network); 12 Nov 2003 08:42:30 -0000 Received: from mgw-x4.nokia.com (131.228.20.27) by klesh.pair.com with SMTP; 12 Nov 2003 08:42:30 -0000 Received: from esvir03nok.nokia.com (esvir03nokt.ntc.nokia.com [172.21.143.35]) by mgw-x4.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id hAC8gSs21969 for ; Wed, 12 Nov 2003 10:42:29 +0200 (EET) Received: from esebh003.NOE.Nokia.com (unverified) by esvir03nok.nokia.com (Content Technologies SMTPRS 4.2.5) with ESMTP id ; Wed, 12 Nov 2003 10:42:28 +0200 Received: from esebh005.NOE.Nokia.com ([172.21.138.86]) by esebh003.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6139); Wed, 12 Nov 2003 10:42:28 +0200 Received: from esebe022.NOE.Nokia.com ([172.21.138.113]) by esebh005.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6747); Wed, 12 Nov 2003 10:42:28 +0200 Received: from trebe003.NOE.Nokia.com ([172.22.232.175]) by esebe022.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6747); Wed, 12 Nov 2003 10:42:26 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF Message-ID: <2BF0AD29BC31FE46B7887732114404310357E7B8@trebe003.europe.nokia.com> Thread-Topic: [MSEC] Brief summary of msec meeting at 58th IETF Thread-Index: AcOo0ab2jDFdgoaPSHahjzcwvqhh9QAJwYXg From: To: , , , X-OriginalArrivalTime: 12 Nov 2003 08:42:26.0353 (UTC) FILETIME=[E62C6210:01C3A8F8] Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 10:42:25 +0200 Content-Transfer-Encoding: quoted-printable (Sorry for my ignorance but...) Why is Tesla going informational - it may not help the Internet = Community much there. Rod. > -----Original Message----- > From: msec-admin@securemulticast.org > Subject: [MSEC] Brief summary of msec meeting at 58th IETF >=20 > Folks, >=20 > Following is a brief summary of MSEC meeting in 58th IETF, and the > expected deliverables within the coming months. (This is NOT > the minutes. These will come later.) ... > * Last call for the TESLA informational draft _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 07:16:43 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA15271 for ; Wed, 12 Nov 2003 07:16:43 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 0212153651; Wed, 12 Nov 2003 07:14:57 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 640B35354C for ; Wed, 12 Nov 2003 07:13:23 -0500 (EST) Received: (qmail 21273 invoked by uid 3269); 12 Nov 2003 12:13:19 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 21270 invoked from network); 12 Nov 2003 12:13:19 -0000 Received: from sj-iport-2-in.cisco.com (HELO sj-iport-2.cisco.com) (171.71.176.71) by klesh.pair.com with SMTP; 12 Nov 2003 12:13:19 -0000 Received: from cisco.com (171.71.177.238) by sj-iport-2.cisco.com with ESMTP; 12 Nov 2003 04:15:26 -0800 Received: from cscoamera13263.cisco.com (sjc-vpn4-147.cisco.com [10.21.80.147]) by sj-core-5.cisco.com (8.12.9/8.12.6) with ESMTP id hACCD2mZ027475; Wed, 12 Nov 2003 04:13:13 -0800 (PST) Message-Id: <6.0.0.22.2.20031112034931.0367b810@mira-sjc5-6.cisco.com> X-Sender: mbaugher@mira-sjc5-6.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 To: canetti From: Mark Baugher Subject: Re: [MSEC] Brief summary of msec meeting at 58th IETF Cc: housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org, Euchner Martin ICN M SR 3 In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 04:12:59 -0800 Ran, At 07:55 PM 11/11/2003, canetti wrote: >Folks, > >Following is a brief summary of MSEC meeting in 58th IETF, and the >expected deliverables within the coming months. (This is NOT >the minutes. These will come later.) > > >Ran and Thomas > > >Status and discussion of active I-Ds: > >* MSEC architecture draft: Past preliminary revision of ADs, to be updated > and submitted to IESG. (Was not discussed at the meeting.) > >* MIKEY draft: Got comments from IESG. Comments and proposed changes were > presented. A revised draft to be submitted within few weeks. > >* GKM architecture draft: Passed WG last call. Comments and proposed changes > presented. To be updated and handed over to the ADs within few weeks. > >* GSAKMP draft: New and greatly updated version was just submitted. > Main changes were presented. To be ready for WG last call before > next IETF meeting. > >* DHHMAC draft: Passed WG last call. Main outstanding issue: Does this draft > has constituency within MSEC. In discussion some points of merit were > pointed out, and it was decided to ask the authors of DHHMAC to elaborate > in the daft on the uses of DHHMAC within msec, and hand DHHMAC to the ADs > for IESG approval. I recorded in the minutes that Steffen offered a rationale for including DHHMAC in MSEC, namely, DHHMAC better aligns MIKEY with the ITU H.323 teleconferencing security specification, H.325. We might want to discuss this further. We need people who have both read and understood the H.325 specification to evaluate this proposition. Mark >* MESP document: Old draft to be updated considerably, to reflect the fact > that msec has decided to work directly with ESP, following the > incorporation of MSEC's needs into IPSEC's ESPbis. New version to be > submitted before the next IETF meeting. > >Further discussion: > >* George Gross discussed the interaction of AAA with MSEC's policy token and > key management. It was accepted that the duscussion be incorporated > within the policy token document. > >* Ran suggested that there be an additional document that specifies the how > MSEC's key management protocols can be used for application-layer data > protection protocols such as SRTP or smime. The suggestion was favorably > received. > >Additional expected deliverables before the next IETF: > >* First version of requirements document >* Last call for the TESLA informational draft > > > >_______________________________________________ >msec mailing list >msec@securemulticast.org >http://www.pairlist.net/mailman/listinfo/msec _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 08:08:25 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA16363 for ; Wed, 12 Nov 2003 08:08:25 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 7E11753647; Wed, 12 Nov 2003 08:08:05 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id C913953588 for ; Wed, 12 Nov 2003 08:07:24 -0500 (EST) Received: (qmail 29161 invoked by uid 3269); 12 Nov 2003 13:07:24 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 29157 invoked from network); 12 Nov 2003 13:07:24 -0000 Received: from david.siemens.de (192.35.17.14) by klesh.pair.com with SMTP; 12 Nov 2003 13:07:24 -0000 Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by david.siemens.de (8.11.7/8.11.7) with ESMTP id hACD73t04227; Wed, 12 Nov 2003 14:07:03 +0100 (MET) Received: from moody.mchh.siemens.de (moody.mchh.siemens.de [139.21.205.85]) by mail3.siemens.de (8.11.7/8.11.7) with ESMTP id hACD70d07767; Wed, 12 Nov 2003 14:07:00 +0100 (MET) Received: from mchh248e.mchh.siemens.de (mchh248e.mchh.siemens.de [139.21.200.58]) by moody.mchh.siemens.de (8.9.3/8.9.1) with ESMTP id OAA19643; Wed, 12 Nov 2003 14:06:52 +0100 (MET) Received: by mchh248e.mchh.siemens.de with Internet Mail Service (5.5.2653.19) id ; Wed, 12 Nov 2003 14:06:51 +0100 Message-ID: <8C878B55C96F924389908D4A7384842A48BD41@mchh2c7e.mchh.siemens.de> From: Euchner Martin To: "'Mark Baugher'" , canetti Cc: housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org, Euchner Martin Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 14:06:45 +0100 Mark, many thanks. This was roughly also my understanding from the far side, as far as I understood the outcome of the discussion from what Steffen reported to me. I'll try to provide clarifications for DHHMAC within H.235 usage and incorporate them into an updated ID (-05). That version will also address the other issues as presented. (Note: H.325 does not exist, so you certainly reference H.235) With kind regards Martin Euchner. ----------------------------------------------------------------------- | Dipl.-Inf. Rapporteur Q.G/SG16 | Martin Euchner Phone: +49 89 722 55790 | Siemens AG.....................Fax : +49 89 722 62366 | ICN M SR 3 mailto:Martin.Euchner@siemens.com | mailto:martin.euchner@ties.itu.int | Hofmannstr. 51 Intranet: http://ietf.icn.siemens.de/sr3/Standardisation_Topics/security/ | D-81359 Muenchen Internet: http://www.siemens.de/ | __________________ | Germany ----------------------------------------------------------------------- -----Original Message----- From: Mark Baugher [mailto:mbaugher@cisco.com] Sent: Wednesday, November 12, 2003 1:13 PM To: canetti Cc: housley@vigilsec.com; smb@research.att.com; msec@securemulticast.org; Euchner Martin ICN M SR 3 Subject: Re: [MSEC] Brief summary of msec meeting at 58th IETF > >* DHHMAC draft: Passed WG last call. Main outstanding issue: Does this draft > has constituency within MSEC. In discussion some points of merit were > pointed out, and it was decided to ask the authors of DHHMAC to elaborate > in the daft on the uses of DHHMAC within msec, and hand DHHMAC to the ADs > for IESG approval. I recorded in the minutes that Steffen offered a rationale for including DHHMAC in MSEC, namely, DHHMAC better aligns MIKEY with the ITU H.323 teleconferencing security specification, H.325. We might want to discuss this further. We need people who have both read and understood the H.325 specification to evaluate this proposition. Mark _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 08:26:38 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA16707 for ; Wed, 12 Nov 2003 08:26:37 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 364345365F; Wed, 12 Nov 2003 08:26:15 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 2AB3E53588 for ; Wed, 12 Nov 2003 08:25:06 -0500 (EST) Received: (qmail 34783 invoked by uid 3269); 12 Nov 2003 13:25:06 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 34780 invoked from network); 12 Nov 2003 13:25:06 -0000 Received: from sj-iport-5.cisco.com (171.68.10.87) by klesh.pair.com with SMTP; 12 Nov 2003 13:25:06 -0000 Received: from cisco.com (171.68.223.137) by sj-iport-5.cisco.com with ESMTP; 12 Nov 2003 05:25:07 -0800 Received: from cscoamera13263.cisco.com (sjc-vpn3-223.cisco.com [10.21.64.223]) by sj-core-3.cisco.com (8.12.6/8.12.6) with ESMTP id hACDOwrY029347; Wed, 12 Nov 2003 05:25:00 -0800 (PST) Message-Id: <6.0.0.22.2.20031112052327.03942120@mira-sjc5-6.cisco.com> X-Sender: mbaugher@mira-sjc5-6.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 To: Euchner Martin From: Mark Baugher Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF Cc: canetti , housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org, Euchner Martin In-Reply-To: <8C878B55C96F924389908D4A7384842A48BD41@mchh2c7e.mchh.sieme ns.de> References: <8C878B55C96F924389908D4A7384842A48BD41@mchh2c7e.mchh.siemens.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 05:24:55 -0800 At 05:06 AM 11/12/2003, Euchner Martin wrote: >Mark, > >many thanks. This was roughly also my understanding from the far side, as >far as I understood the outcome of the discussion from what Steffen >reported to me. > >I'll try to provide clarifications for DHHMAC within H.235 usage and >incorporate them into an updated ID (-05). That version will also address >the other issues as presented. >(Note: H.325 does not exist, so you certainly reference H.235) yes, I mean H.235. thanks, Mark >With kind regards > >Martin Euchner. >----------------------------------------------------------------------- >| Dipl.-Inf. Rapporteur Q.G/SG16 >| Martin Euchner Phone: +49 89 722 55790 >| Siemens AG.....................Fax : +49 89 722 62366 >| ICN M SR 3 mailto:Martin.Euchner@siemens.com >| mailto:martin.euchner@ties.itu.int >| Hofmannstr. 51 Intranet: >http://ietf.icn.siemens.de/sr3/Standardisation_Topics/security/ >| D-81359 Muenchen Internet: http://www.siemens.de/ >| __________________ >| Germany >----------------------------------------------------------------------- > > -----Original Message----- >From: Mark Baugher [mailto:mbaugher@cisco.com] >Sent: Wednesday, November 12, 2003 1:13 PM >To: canetti >Cc: housley@vigilsec.com; smb@research.att.com; >msec@securemulticast.org; Euchner Martin ICN M SR 3 >Subject: Re: [MSEC] Brief summary of msec meeting at 58th IETF > > > >* DHHMAC draft: Passed WG last call. Main outstanding issue: Does this draft > > has constituency within MSEC. In discussion some points of merit were > > pointed out, and it was decided to ask the authors of DHHMAC to elaborate > > in the daft on the uses of DHHMAC within msec, and hand DHHMAC to the ADs > > for IESG approval. > >I recorded in the minutes that Steffen offered a rationale for >including DHHMAC in MSEC, namely, DHHMAC better aligns MIKEY with >the ITU H.323 teleconferencing security specification, H.325. >We might want to discuss this further. We need people who have >both read and understood the H.325 specification to evaluate this >proposition. > > >Mark _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 09:04:22 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17958 for ; Wed, 12 Nov 2003 09:04:22 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 739465367F; Wed, 12 Nov 2003 09:04:02 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 3A8AD53605 for ; Wed, 12 Nov 2003 09:03:29 -0500 (EST) Received: (qmail 42496 invoked by uid 3269); 12 Nov 2003 14:03:29 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 42493 invoked from network); 12 Nov 2003 14:03:29 -0000 Received: from igw2.watson.ibm.com (129.34.20.6) by klesh.pair.com with SMTP; 12 Nov 2003 14:03:29 -0000 Received: from sp1n293en1.watson.ibm.com (sp1n293en1.watson.ibm.com [9.2.112.57]) by igw2.watson.ibm.com (8.11.7-20030924/8.11.4) with ESMTP id hACE3P062024; Wed, 12 Nov 2003 09:03:25 -0500 Received: from ornavella.watson.ibm.com (localhost [127.0.0.1]) by sp1n293en1.watson.ibm.com (8.11.7-20030924/8.11.7) with ESMTP id hACE3PW72656; Wed, 12 Nov 2003 09:03:25 -0500 Received: from localhost (canetti@localhost) by ornavella.watson.ibm.com (AIX5.1/8.11.6p2/8.11.0/03-06-2002) with ESMTP id hACE3Op34466; Wed, 12 Nov 2003 09:03:24 -0500 From: canetti To: Rod.Walsh@nokia.com Cc: housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF In-Reply-To: <2BF0AD29BC31FE46B7887732114404310357E7B8@trebe003.europe.nokia.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 09:03:21 -0500 (EST) Rod, Thanks for asking, indeed the summary was not clear on that point. The plan is to have, in addition to the general informational draft on TESLA mentioned in the summary, a standards-track draft that describes how to use TESLA within ESP. (This is part of the update of the MESP draft.) In fact, let me use this chance to elaborate on the plans regarding the update of the MESP draft. The plan is to have the update address the following points: -The direct use of ESP rather than a separate transform (MESP) -How to do replay protection in case of multiple senders -How to do TESLA-based source authentication -How to do source authentication based on signing each packet Right now Mark Baugher, Brian Weis and myself have committed to working on it. More volunteers are welcome. Another issue here is whether to describe the three "How to do"s in a single draft or in three separate, more focused drafts. Our current tendency is to go for separate drafts. Any thougts, any one? Ran On Wed, 12 Nov 2003 Rod.Walsh@nokia.com wrote: > (Sorry for my ignorance but...) > > Why is Tesla going informational - it may not help the Internet Community much there. > > Rod. > > > > -----Original Message----- > > From: msec-admin@securemulticast.org > > Subject: [MSEC] Brief summary of msec meeting at 58th IETF > > > > Folks, > > > > Following is a brief summary of MSEC meeting in 58th IETF, and the > > expected deliverables within the coming months. (This is NOT > > the minutes. These will come later.) > ... > > * Last call for the TESLA informational draft > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 09:10:28 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA18203 for ; Wed, 12 Nov 2003 09:10:28 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 0CCBE536B9; Wed, 12 Nov 2003 09:10:08 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 200EC536E3 for ; Wed, 12 Nov 2003 09:08:31 -0500 (EST) Received: (qmail 43165 invoked by uid 3269); 12 Nov 2003 14:08:31 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 43162 invoked from network); 12 Nov 2003 14:08:31 -0000 Received: from igw2.watson.ibm.com (129.34.20.6) by klesh.pair.com with SMTP; 12 Nov 2003 14:08:31 -0000 Received: from sp1n293en1.watson.ibm.com (sp1n293en1.watson.ibm.com [9.2.112.57]) by igw2.watson.ibm.com (8.11.7-20030924/8.11.4) with ESMTP id hACE7e0276450; Wed, 12 Nov 2003 09:07:40 -0500 Received: from ornavella.watson.ibm.com (localhost [127.0.0.1]) by sp1n293en1.watson.ibm.com (8.11.7-20030924/8.11.7) with ESMTP id hACE7eo58038; Wed, 12 Nov 2003 09:07:40 -0500 Received: from localhost (canetti@localhost) by ornavella.watson.ibm.com (AIX5.1/8.11.6p2/8.11.0/03-06-2002) with ESMTP id hACE7YZ25760; Wed, 12 Nov 2003 09:07:34 -0500 From: canetti To: Euchner Martin Cc: "'Mark Baugher'" , housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF In-Reply-To: <8C878B55C96F924389908D4A7384842A48BD41@mchh2c7e.mchh.siemens.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 09:07:33 -0500 (EST) Great. Thanks! Ran On Wed, 12 Nov 2003, Euchner Martin wrote: > Mark, > > many thanks. This was roughly also my understanding from the far side, as far as I understood the outcome of the discussion from what Steffen reported to me. > > I'll try to provide clarifications for DHHMAC within H.235 usage and incorporate them into an updated ID (-05). That version will also address the other issues as presented. > (Note: H.325 does not exist, so you certainly reference H.235) > > > > With kind regards > > Martin Euchner. > ----------------------------------------------------------------------- > | Dipl.-Inf. Rapporteur Q.G/SG16 > | Martin Euchner Phone: +49 89 722 55790 > | Siemens AG.....................Fax : +49 89 722 62366 > | ICN M SR 3 mailto:Martin.Euchner@siemens.com > | mailto:martin.euchner@ties.itu.int > | Hofmannstr. 51 Intranet: http://ietf.icn.siemens.de/sr3/Standardisation_Topics/security/ > | D-81359 Muenchen Internet: http://www.siemens.de/ > | __________________ > | Germany > ----------------------------------------------------------------------- > > -----Original Message----- > From: Mark Baugher [mailto:mbaugher@cisco.com] > Sent: Wednesday, November 12, 2003 1:13 PM > To: canetti > Cc: housley@vigilsec.com; smb@research.att.com; msec@securemulticast.org; Euchner Martin ICN M SR 3 > Subject: Re: [MSEC] Brief summary of msec meeting at 58th IETF > > > >* DHHMAC draft: Passed WG last call. Main outstanding issue: Does this draft > > has constituency within MSEC. In discussion some points of merit were > > pointed out, and it was decided to ask the authors of DHHMAC to elaborate > > in the daft on the uses of DHHMAC within msec, and hand DHHMAC to the ADs > > for IESG approval. > > I recorded in the minutes that Steffen offered a rationale for > including DHHMAC in MSEC, namely, DHHMAC better aligns MIKEY with > the ITU H.323 teleconferencing security specification, H.325. > We might want to discuss this further. We need people who have > both read and understood the H.325 specification to evaluate this > proposition. > > > Mark > > > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 12:04:26 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA27619 for ; Wed, 12 Nov 2003 12:04:25 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 5BEF7535F5; Wed, 12 Nov 2003 12:04:04 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 20A405355C for ; Wed, 12 Nov 2003 12:02:43 -0500 (EST) Received: (qmail 76781 invoked by uid 3269); 12 Nov 2003 17:02:43 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 76778 invoked from network); 12 Nov 2003 17:02:42 -0000 Received: from pigeon.verisign.com (65.205.251.71) by klesh.pair.com with SMTP; 12 Nov 2003 17:02:42 -0000 Received: from mou1wnexc02.vcorp.ad.vrsn.com (verisign.com [65.205.251.54]) by pigeon.verisign.com (8.12.10/) with ESMTP id hACH2d4u016545; Wed, 12 Nov 2003 09:02:39 -0800 (PST) Received: by mou1wnexc02.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id ; Wed, 12 Nov 2003 09:02:39 -0800 Message-ID: From: "Hardjono, Thomas" To: "'canetti'" , Rod.Walsh@nokia.com Cc: housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 09:02:35 -0800 Ran, I don't mind separate drafts or just 3 drafts, so long as we can do WG Last Call by February 2004 or earlier (in order for them to complete IESG Last Call by early May). Perhaps the fewer, the better. We'll need June and July to clear-up WG loose ends, before closing or rechartering MSEC WG. thomas ------ -----Original Message----- From: canetti [mailto:canetti@watson.ibm.com] Sent: Wednesday, November 12, 2003 9:03 AM To: Rod.Walsh@nokia.com Cc: housley@vigilsec.com; smb@research.att.com; msec@securemulticast.org Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF Rod, Thanks for asking, indeed the summary was not clear on that point. The plan is to have, in addition to the general informational draft on TESLA mentioned in the summary, a standards-track draft that describes how to use TESLA within ESP. (This is part of the update of the MESP draft.) In fact, let me use this chance to elaborate on the plans regarding the update of the MESP draft. The plan is to have the update address the following points: -The direct use of ESP rather than a separate transform (MESP) -How to do replay protection in case of multiple senders -How to do TESLA-based source authentication -How to do source authentication based on signing each packet Right now Mark Baugher, Brian Weis and myself have committed to working on it. More volunteers are welcome. Another issue here is whether to describe the three "How to do"s in a single draft or in three separate, more focused drafts. Our current tendency is to go for separate drafts. Any thougts, any one? Ran On Wed, 12 Nov 2003 Rod.Walsh@nokia.com wrote: > (Sorry for my ignorance but...) > > Why is Tesla going informational - it may not help the Internet > Community much there. > > Rod. > > > > -----Original Message----- > > From: msec-admin@securemulticast.org > > Subject: [MSEC] Brief summary of msec meeting at 58th IETF > > > > Folks, > > > > Following is a brief summary of MSEC meeting in 58th IETF, and the > > expected deliverables within the coming months. (This is NOT the > > minutes. These will come later.) > ... > > * Last call for the TESLA informational draft > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 12:05:12 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA27759 for ; Wed, 12 Nov 2003 12:05:11 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 083075370F; Wed, 12 Nov 2003 12:04:10 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id D3FBA53588 for ; Wed, 12 Nov 2003 12:03:53 -0500 (EST) Received: (qmail 76969 invoked by uid 3269); 12 Nov 2003 17:03:53 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 76965 invoked from network); 12 Nov 2003 17:03:53 -0000 Received: from sj-iport-3-in.cisco.com (HELO sj-iport-3.cisco.com) (171.71.176.72) by klesh.pair.com with SMTP; 12 Nov 2003 17:03:53 -0000 Received: from cisco.com (171.71.177.254) by sj-iport-3.cisco.com with ESMTP; 12 Nov 2003 09:10:42 -0800 Received: from cisco.com (ssh-sjc-1.cisco.com [171.68.225.134]) by sj-core-2.cisco.com (8.12.9/8.12.6) with ESMTP id hACH3jw5020881; Wed, 12 Nov 2003 09:03:45 -0800 (PST) Message-ID: <3FB267F1.8C606C35@cisco.com> From: Brian Weis X-Mailer: Mozilla 4.61 [en] (X11; U; Linux 2.2.12-20 i686) X-Accept-Language: en MIME-Version: 1.0 To: canetti Cc: housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org Subject: Re: [MSEC] Brief summary of msec meeting at 58th IETF References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 09:03:45 -0800 Content-Transfer-Encoding: 7bit canetti wrote: > > Rod, > > Thanks for asking, indeed the summary was not clear on that point. > The plan is to have, in addition to the general informational draft on > TESLA mentioned in the summary, a standards-track draft that describes how > to use TESLA within ESP. (This is part of the update of the MESP draft.) > > In fact, let me use this chance to elaborate on the plans regarding > the update of the MESP draft. The plan is to have the update address > the following points: > -The direct use of ESP rather than a separate transform (MESP) > -How to do replay protection in case of multiple senders > -How to do TESLA-based source authentication > -How to do source authentication based on signing each packet > > Right now Mark Baugher, Brian Weis and myself have committed to working on > it. More volunteers are welcome. > > Another issue here is whether to describe the three "How to do"s > in a single draft or in three separate, more focused drafts. Our current > tendency is to go for separate drafts. Any thougts, any one? My opinion is that we would be best off to have a data transforms document that describes the general issues of data transforms when applied to multicast packets. E.g., general issues with source authentication, and replay protection for multiple senders. This gives informational guidance to implements of data transforms, just as GKMARCH does for key management protocols. Then there need to be documents applying those concepts to specific data transforms. For example, we need normative documents to define how to deal with source authentication (e.g., TESLA) in ESP, following the rules in RFC 2406bis and RFC 2401bis. However, another document might describe how to do source authentication in the context of SRTP, which has different processing rules. I don't expect these documents to be much more complicated or involved than RFC 2404 ("The Use of HMAC-SHA-1-96 within ESP and AH"). The key is that they are focused, and provide exact guidance for an implementor of a particular data transform. As an example of what I've proposing see: http://www.ietf.org/internet-drafts/draft-bew-ipsec-signatures-01.txt Thanks, Brian > Ran > > On Wed, 12 Nov 2003 Rod.Walsh@nokia.com wrote: > > > (Sorry for my ignorance but...) > > > > Why is Tesla going informational - it may not help the Internet Community much there. > > > > Rod. > > > > > > > -----Original Message----- > > > From: msec-admin@securemulticast.org > > > Subject: [MSEC] Brief summary of msec meeting at 58th IETF > > > > > > Folks, > > > > > > Following is a brief summary of MSEC meeting in 58th IETF, and the > > > expected deliverables within the coming months. (This is NOT > > > the minutes. These will come later.) > > ... > > > * Last call for the TESLA informational draft > > > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec -- Brian Weis Strategic Cryptographic Development, ITD, Cisco Systems Telephone: +1 408 526 4796 Email: bew@cisco.com _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 12:34:27 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA29041 for ; Wed, 12 Nov 2003 12:34:26 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id BD76E53619; Wed, 12 Nov 2003 12:34:07 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 47EC053619 for ; Wed, 12 Nov 2003 12:32:41 -0500 (EST) Received: (qmail 82603 invoked by uid 3269); 12 Nov 2003 17:32:41 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 82600 invoked from network); 12 Nov 2003 17:32:41 -0000 Received: from sj-iport-5.cisco.com (171.68.10.87) by klesh.pair.com with SMTP; 12 Nov 2003 17:32:41 -0000 Received: from cisco.com (171.68.223.138) by sj-iport-5.cisco.com with ESMTP; 12 Nov 2003 09:32:45 -0800 Received: from cisco.com (ssh-sjc-1.cisco.com [171.68.225.134]) by sj-core-4.cisco.com (8.12.6/8.12.6) with ESMTP id hACHWbiN011987; Wed, 12 Nov 2003 09:32:37 -0800 (PST) Message-ID: <3FB26EB4.865C29C9@cisco.com> From: Brian Weis X-Mailer: Mozilla 4.61 [en] (X11; U; Linux 2.2.12-20 i686) X-Accept-Language: en MIME-Version: 1.0 To: "Hardjono, Thomas" Cc: "'canetti'" , Rod.Walsh@nokia.com, housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org Subject: Re: [MSEC] Brief summary of msec meeting at 58th IETF References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 09:32:36 -0800 Content-Transfer-Encoding: 7bit Hi Thomas, I believe the smaller focused drafts would actually be easier to get done more efficiently. In fact, it seems that two of them are pretty much written (TESLA informational, ESP signatures) and could go to last call pretty quickly. Brian "Hardjono, Thomas" wrote: > > Ran, > > I don't mind separate drafts or just 3 drafts, so long as we can do WG Last > Call by February 2004 or earlier (in order for them to complete IESG Last > Call by early May). Perhaps the fewer, the better. > > We'll need June and July to clear-up WG loose ends, before closing or > rechartering MSEC WG. > > thomas > ------ > > -----Original Message----- > From: canetti [mailto:canetti@watson.ibm.com] > Sent: Wednesday, November 12, 2003 9:03 AM > To: Rod.Walsh@nokia.com > Cc: housley@vigilsec.com; smb@research.att.com; msec@securemulticast.org > Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF > > Rod, > > Thanks for asking, indeed the summary was not clear on that point. The plan > is to have, in addition to the general informational draft on TESLA > mentioned in the summary, a standards-track draft that describes how to use > TESLA within ESP. (This is part of the update of the MESP draft.) > > In fact, let me use this chance to elaborate on the plans regarding the > update of the MESP draft. The plan is to have the update address the > following points: -The direct use of ESP rather than a separate transform > (MESP) -How to do replay protection in case of multiple senders -How to do > TESLA-based source authentication -How to do source authentication based on > signing each packet > > Right now Mark Baugher, Brian Weis and myself have committed to working on > it. More volunteers are welcome. > > Another issue here is whether to describe the three "How to do"s > in a single draft or in three separate, more focused drafts. Our current > tendency is to go for separate drafts. Any thougts, any one? > > Ran > > On Wed, 12 Nov 2003 Rod.Walsh@nokia.com wrote: > > > (Sorry for my ignorance but...) > > > > Why is Tesla going informational - it may not help the Internet > > Community much there. > > > > Rod. > > > > > > > -----Original Message----- > > > From: msec-admin@securemulticast.org > > > Subject: [MSEC] Brief summary of msec meeting at 58th IETF > > > > > > Folks, > > > > > > Following is a brief summary of MSEC meeting in 58th IETF, and the > > > expected deliverables within the coming months. (This is NOT the > > > minutes. These will come later.) > > ... > > > * Last call for the TESLA informational draft > > > > _______________________________________________ > msec mailing list > msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec -- Brian Weis Strategic Cryptographic Development, ITD, Cisco Systems Telephone: +1 408 526 4796 Email: bew@cisco.com _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 13:12:23 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA00558 for ; Wed, 12 Nov 2003 13:12:23 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 2D824535DD; Wed, 12 Nov 2003 13:12:05 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 06235535DD for ; Wed, 12 Nov 2003 13:10:17 -0500 (EST) Received: (qmail 90215 invoked by uid 3269); 12 Nov 2003 18:10:17 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 90212 invoked from network); 12 Nov 2003 18:10:17 -0000 Received: from igw2.watson.ibm.com (129.34.20.6) by klesh.pair.com with SMTP; 12 Nov 2003 18:10:17 -0000 Received: from sp1n293en1.watson.ibm.com (sp1n293en1.watson.ibm.com [9.2.112.57]) by igw2.watson.ibm.com (8.11.7-20030924/8.11.4) with ESMTP id hACIA60255336; Wed, 12 Nov 2003 13:10:06 -0500 Received: from ornavella.watson.ibm.com (localhost [127.0.0.1]) by sp1n293en1.watson.ibm.com (8.11.7-20030924/8.11.7) with ESMTP id hACIA6L35072; Wed, 12 Nov 2003 13:10:06 -0500 Received: from localhost (canetti@localhost) by ornavella.watson.ibm.com (AIX5.1/8.11.6p2/8.11.0/03-06-2002) with ESMTP id hACIA5e32484; Wed, 12 Nov 2003 13:10:05 -0500 From: canetti To: Brian Weis Cc: housley@vigilsec.com, smb@research.att.com, msec@securemulticast.org Subject: Re: [MSEC] Brief summary of msec meeting at 58th IETF In-Reply-To: <3FB267F1.8C606C35@cisco.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 13:10:04 -0500 (EST) Brian, I agree that in order to have a complete and good coverage of the data transforms area we need an "atchitectural" data transforms document on the level of GKMARCH. In fact, it was in the plans at some point in the past but got overlooked. Also documents specifying application/transport layer transforms within MSEC (such as SRTP) are welcome. So, in all, we're looking at the following set of drafts: 1 TESLA introductory (informational) 2 Data transforms architecture (informational) 3 ESP with digital signatures (standards track) 4 ESP with TESLA (standards track) 5 ESP with multiple senders (standards track) potential additional drafts: 6 SRTP within MSEC (with TESLA? signatures?) (standards track) 7 ESP with chained signatures (standards track) (this is Lakshminath's suggestion) Drafts 1, 3 are practically written. Also for 4 there is a pretty good rough draft. 5 should not be much work. 6 should be a medium-size task, whereas 2 and 7 are probably more work. Definitely we have all the knowledge needed for writing these drafts. Hopefully with enough volunteers we can get the writing done in time and keep Thomas happy.. :) Ran On Wed, 12 Nov 2003, Brian Weis wrote: > canetti wrote: > > > > Rod, > > > > Thanks for asking, indeed the summary was not clear on that point. > > The plan is to have, in addition to the general informational draft on > > TESLA mentioned in the summary, a standards-track draft that describes how > > to use TESLA within ESP. (This is part of the update of the MESP draft.) > > > > In fact, let me use this chance to elaborate on the plans regarding > > the update of the MESP draft. The plan is to have the update address > > the following points: > > -The direct use of ESP rather than a separate transform (MESP) > > -How to do replay protection in case of multiple senders > > -How to do TESLA-based source authentication > > -How to do source authentication based on signing each packet > > > > Right now Mark Baugher, Brian Weis and myself have committed to working on > > it. More volunteers are welcome. > > > > Another issue here is whether to describe the three "How to do"s > > in a single draft or in three separate, more focused drafts. Our current > > tendency is to go for separate drafts. Any thougts, any one? > > My opinion is that we would be best off to have a data transforms > document that describes the general issues of data transforms when > applied to multicast packets. E.g., general issues with source > authentication, and replay protection for multiple senders. This gives > informational guidance to implements of data transforms, just as GKMARCH > does for key management protocols. > > Then there need to be documents applying those concepts to specific data > transforms. For example, we need normative documents to define how to > deal with source authentication (e.g., TESLA) in ESP, following the > rules in RFC 2406bis and RFC 2401bis. However, another document might > describe how to do source authentication in the context of SRTP, which > has different processing rules. I don't expect these documents to be > much more complicated or involved than RFC 2404 ("The Use of > HMAC-SHA-1-96 within ESP and AH"). The key is that they are focused, and > provide exact guidance for an implementor of a particular data > transform. As an example of what I've proposing see: > http://www.ietf.org/internet-drafts/draft-bew-ipsec-signatures-01.txt > > Thanks, > Brian > > > Ran > > > > On Wed, 12 Nov 2003 Rod.Walsh@nokia.com wrote: > > > > > (Sorry for my ignorance but...) > > > > > > Why is Tesla going informational - it may not help the Internet Community much there. > > > > > > Rod. > > > > > > > > > > -----Original Message----- > > > > From: msec-admin@securemulticast.org > > > > Subject: [MSEC] Brief summary of msec meeting at 58th IETF > > > > > > > > Folks, > > > > > > > > Following is a brief summary of MSEC meeting in 58th IETF, and the > > > > expected deliverables within the coming months. (This is NOT > > > > the minutes. These will come later.) > > > ... > > > > * Last call for the TESLA informational draft > > > > > > > _______________________________________________ > > msec mailing list > > msec@securemulticast.org > > http://www.pairlist.net/mailman/listinfo/msec > > -- > Brian Weis > Strategic Cryptographic Development, ITD, Cisco Systems > Telephone: +1 408 526 4796 > Email: bew@cisco.com > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 13:20:38 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA00945 for ; Wed, 12 Nov 2003 13:20:37 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 0125F535F5; Wed, 12 Nov 2003 13:20:17 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 0D256535EA for ; Wed, 12 Nov 2003 13:19:25 -0500 (EST) Received: (qmail 92987 invoked by uid 3269); 12 Nov 2003 18:19:24 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 92984 invoked from network); 12 Nov 2003 18:19:24 -0000 Received: from sj-iport-1-in.cisco.com (HELO sj-iport-1.cisco.com) (171.71.176.70) by klesh.pair.com with SMTP; 12 Nov 2003 18:19:24 -0000 Received: from cisco.com (ssh-sjc-1.cisco.com [171.68.225.134]) by sj-core-2.cisco.com (8.12.9/8.12.6) with ESMTP id hACIJMw5009710 for ; Wed, 12 Nov 2003 10:19:22 -0800 (PST) Message-ID: <3FB279A9.BCA268E3@cisco.com> From: Brian Weis X-Mailer: Mozilla 4.61 [en] (X11; U; Linux 2.2.12-20 i686) X-Accept-Language: en MIME-Version: 1.0 To: msec@securemulticast.org Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: [MSEC] GDOI reference implementation Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 10:19:21 -0800 Content-Transfer-Encoding: 7bit FYI, a release of the GDOI reference implementation complying with RFC 3457 is now available on http://www.vovida.org. Look for GDOI under the "Protocols" section. Brian -- Brian Weis Strategic Cryptographic Development, ITD, Cisco Systems Telephone: +1 408 526 4796 Email: bew@cisco.com _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 14:32:25 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA03195 for ; Wed, 12 Nov 2003 14:32:24 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 28DFF535CD; Wed, 12 Nov 2003 14:32:04 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 128035359B for ; Wed, 12 Nov 2003 14:31:04 -0500 (EST) Received: (qmail 7868 invoked by uid 3269); 12 Nov 2003 19:31:04 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 7861 invoked from network); 12 Nov 2003 19:31:03 -0000 Received: from igw2.watson.ibm.com (129.34.20.6) by klesh.pair.com with SMTP; 12 Nov 2003 19:31:03 -0000 Received: from sp1n293en1.watson.ibm.com (sp1n293en1.watson.ibm.com [9.2.112.57]) by igw2.watson.ibm.com (8.11.7-20030924/8.11.4) with ESMTP id hACJV10203392 for ; Wed, 12 Nov 2003 14:31:01 -0500 Received: from ornavella.watson.ibm.com (localhost [127.0.0.1]) by sp1n293en1.watson.ibm.com (8.11.7-20030924/8.11.7) with ESMTP id hACJV1V76342 for ; Wed, 12 Nov 2003 14:31:01 -0500 Received: from localhost (canetti@localhost) by ornavella.watson.ibm.com (AIX5.1/8.11.6p2/8.11.0/03-06-2002) with ESMTP id hACJV0725818 for ; Wed, 12 Nov 2003 14:31:00 -0500 From: canetti To: msec@securemulticast.org Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/Mixed; BOUNDARY="=====================_2167436==_" Content-ID: Subject: [MSEC] Minutes of MSEC meeting in 58th IETF Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 14:30:59 -0500 (EST) This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --=====================_2167436==_ Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; FORMAT=flowed Content-ID: Folks, Here are the minutes of the meeting, as taken by Mark Baugher. Thanks, Mark! Ran and Thomas --=====================_2167436==_ Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-ID: Content-Description: Content-Disposition: ATTACHMENT; FILENAME="msec-58.txt" 10 Nov 2003 MSEC WG 58th IETF ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Welcome - Thomas Hardjono o no changes to agenda o Review of WG status: I-D Milestones since last IETF foil - www.securemulticast.org/msec-drafts.htm gives the draft status - Ran: mesp features have been incorporated into IPsec ESPbis - Thomas: Multicast issues draft could go to informational - Russ: If ESPbis has incorporated everything then should drop this; the consensus is to drop it - No status on secure feedback - Ran: have nothing on how key management works with application layer data protection - Mark: Hard to do this without having a particular app data security protocol in the pipeline but there is some work underway on multicast transport-layer security - Ran: We should define this in anticipation of an application-security protocol - Andrea: GSAKMP is supporting an app protocol that is not an IETF standard; Ran thought that the API and object definition would be of interest - Brian: Is this specifically an API? Ran: Yes. Brian: not sure we need to do an API in the MSEC WG. The thing of interest is the objects and bindings in the protocol for doing this. - Thomas: We need to discuss policy token; we'll do this after Andrea's presentation MIKEY - Elisabetta o IESG evaluation reviewed (see foilset) - Brian: Is a new PRF RFC required or is this is an extension? Elisabetta said that this was an extension mechanism. - Russ: some means are needed to signal the use of a new PRF - General discussion on the need to decouple MIKE from the mmusic key-mgt. - Russ recommends to not reference the key-mgt document from MIKEY o Status is that a revised I-D is needed for IESG last call GKMARCH - Ran (see foils) o There are two outstanding issues from WG Last Call, one being peer controllers - George: From receiver, what's important is how the controller is authenticated. Will next draft allow re-key from peers? - Brian: It seems important to allow for this. o we will incorporate needed changes and resubmit to WG last call GSAKMP - Andrea (see foils) o Changes from last I-D and new additions presented - Ran: are cookies still include in request to join? - Andrea: yes o Draft 04 is out is out and 05 will follow for possible last call - Thomas: Policy token is now broken into two pieces with a generic piece. Would GDOI use them? - Brian: Yes, GDOI could use the policy token o Ran: We are going to be asked about having two separate group key management protocols when GSAKMP goes to the IESG last call in the future. Do we need two? - Mark: historically the difference was between the ISAKMP header that GDOI used and GSAKMP did not. Now there are a lot of different functions in GSAKMP - Brian: GSAKMP also is closely tied to the policy token - Thomas: There is an important application for GSAKMP that is distinct from GDOI just as there was a need for GDOI to leverage the IKE installed base. We need to move GSAKMP forward - George: There is something to be said for parallel development of the two protocols; could focus on rekey message as a unifying message, e.g. GDOI uses a great variety of different authorization methods and these distinctions are a concern for the registration protocol and not the rekey protocol - Thomas: When will GSAKMP be ready for last call? How about June or July? - Andrea thought that was reasonable DHHMAC - Steffen (see foils) o Changes from last I-D o version 05 will be done by xmas and this is recommended as a last call document - Ran: is there a constituency for this? - Mark: This aligns MIKEY with H.325? Steffen said 'yes' - Betta: Is this needed for H.323? Steffen said 'yes' - Thomas: Is there opposition to moving this forward? - Mark: The motivation would be to align this IETF protocol (MIKEY) with H.235 (would like to do the same with SRTP as well). - Ran: Should take to WG last call - Thomas: We can do this with draft 05 is submitted MSEC & AAA - George (see foils) o Status given and motivation for including AAA/Diameter in MSEC focus o GDOI could leverage ISAKMP/IKE AAA work but GDOI does not separate KS from GC functions; - Mark: What is the distinction? - George: GC does registration but does not have the key for the group - Mark: This distinction is not generally well-defined in msec - George: This was discussed in the MSEC architecture - Brian: KS could be closest to member but the GC would do registration - Mark: In general, this problem is difficult and not yet solved in security systems, viz. X.509 PKI across domains - George: Large-scale multicast groups are likely to be multi-realm and we will need to solve this in MSEC - Andrea: It is unlikely to be able to separate these functions since there is always a potential collusion problem o GSAKMP uses the Diameter "push" model as opposed to the GDOI "pull" model o Have not yet decided how to introduce this to msec - Thomas: Can't this be in the generic policy token I-D? - George: It will at least influence the design of the generic policy token and could be completely defined there Wrap Up o Thomas took a show of hands and found ~9 persons were planning to attend o Ran might attend so there may be an msec meeting at IETF 59 --=====================_2167436==_-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 12 14:42:29 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA03752 for ; Wed, 12 Nov 2003 14:42:28 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 3586353614; Wed, 12 Nov 2003 14:42:08 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 179215359B for ; Wed, 12 Nov 2003 14:41:53 -0500 (EST) Received: (qmail 9817 invoked by uid 3269); 12 Nov 2003 19:41:53 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 9813 invoked from network); 12 Nov 2003 19:41:52 -0000 Received: from mgw-x1.nokia.com (131.228.20.21) by klesh.pair.com with SMTP; 12 Nov 2003 19:41:52 -0000 Received: from esvir05nok.ntc.nokia.com (esvir05nokt.ntc.nokia.com [172.21.143.37]) by mgw-x1.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id hACJfpA13363 for ; Wed, 12 Nov 2003 21:41:51 +0200 (EET) Received: from esebh004.NOE.Nokia.com (unverified) by esvir05nok.ntc.nokia.com (Content Technologies SMTPRS 4.2.5) with ESMTP id ; Wed, 12 Nov 2003 21:41:49 +0200 Received: from esebh005.NOE.Nokia.com ([172.21.138.86]) by esebh004.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6747); Wed, 12 Nov 2003 21:41:49 +0200 Received: from esebe022.NOE.Nokia.com ([172.21.138.113]) by esebh005.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6747); Wed, 12 Nov 2003 21:41:49 +0200 Received: from trebe003.NOE.Nokia.com ([172.22.232.175]) by esebe022.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6747); Wed, 12 Nov 2003 21:41:49 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF Message-ID: <2BF0AD29BC31FE46B7887732114404310357E7C5@trebe003.europe.nokia.com> Thread-Topic: [MSEC] Brief summary of msec meeting at 58th IETF Thread-Index: AcOpJcBnpE/K8pM4St2QWdtnqN1UIwALnMqA From: To: Cc: , , X-OriginalArrivalTime: 12 Nov 2003 19:41:49.0269 (UTC) FILETIME=[03824850:01C3A955] Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 12 Nov 2003 21:41:48 +0200 Content-Transfer-Encoding: quoted-printable Thanks Ran for the clarification. As a MSEC-newbie I can offer the non-scientific opinion that size = matters. Since I intend to read all these, a nice readable size would be = very helpful in segmenting the work into grey-matter digestable chunks. So many small drafts would probably help resolve issues better is the = readability should be better and more encapsulated (not less than 3 = pages :) Cheers, Rod. > -----Original Message----- > From: ext canetti [mailto:canetti@watson.ibm.com] > Sent: Wednesday, November 12, 2003 8:03 AM > To: Walsh Rod (NRC/Tampere) > Cc: housley@vigilsec.com; smb@research.att.com;=20 > msec@securemulticast.org > Subject: RE: [MSEC] Brief summary of msec meeting at 58th IETF >=20 >=20 >=20 > Rod, >=20 > Thanks for asking, indeed the summary was not clear on that point. > The plan is to have, in addition to the general informational draft on > TESLA mentioned in the summary, a standards-track draft that=20 > describes how > to use TESLA within ESP. (This is part of the update of the =20 > MESP draft.)=20 >=20 > In fact, let me use this chance to elaborate on the plans regarding > the update of the MESP draft. The plan is to have the update address > the following points: > -The direct use of ESP rather than a separate transform (MESP) > -How to do replay protection in case of multiple senders > -How to do TESLA-based source authentication > -How to do source authentication based on signing each packet=20 >=20 > Right now Mark Baugher, Brian Weis and myself have committed=20 > to working on > it. More volunteers are welcome. >=20 > Another issue here is whether to describe the three "How to do"s=20 > in a single draft or in three separate, more focused drafts.=20 > Our current > tendency is to go for separate drafts. Any thougts, any one? >=20 > Ran >=20 > On Wed, 12 Nov 2003 Rod.Walsh@nokia.com wrote: >=20 > > (Sorry for my ignorance but...) > >=20 > > Why is Tesla going informational - it may not help the=20 > Internet Community much there. > >=20 > > Rod. > >=20 > >=20 > > > -----Original Message----- > > > From: msec-admin@securemulticast.org > > > Subject: [MSEC] Brief summary of msec meeting at 58th IETF > > >=20 > > > Folks, > > >=20 > > > Following is a brief summary of MSEC meeting in 58th IETF, and the > > > expected deliverables within the coming months. (This is NOT > > > the minutes. These will come later.) > > ... > > > * Last call for the TESLA informational draft > >=20 >=20 >=20 _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Nov 13 09:14:25 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27528 for ; Thu, 13 Nov 2003 09:14:24 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 0103953754; Thu, 13 Nov 2003 09:14:02 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 4ACAE536B7 for ; Thu, 13 Nov 2003 08:01:07 -0500 (EST) Received: (qmail 32727 invoked by uid 3269); 13 Nov 2003 13:01:07 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 32724 invoked from network); 13 Nov 2003 13:01:07 -0000 Received: from prue.eim.surrey.ac.uk (131.227.76.5) by klesh.pair.com with SMTP; 13 Nov 2003 13:01:07 -0000 Received: from ccsrnrpc13.ee.surrey.ac.uk ([131.227.88.62] helo=eim.surrey.ac.uk) by prue.eim.surrey.ac.uk with esmtp (Exim 3.33 #4) id 1AKH52-0005gT-00 for msec@securemulticast.org; Thu, 13 Nov 2003 13:00:12 +0000 Message-ID: <3FB3805C.2D6A277F@eim.surrey.ac.uk> From: Sunil Iyengar Organization: CCSR, University of Surrey X-Mailer: Mozilla 4.73 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: msec mailing list Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-105.4 required=5.5 tests=BAYES_01,USER_AGENT_MOZILLA_XM,USER_IN_WHITELIST version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) X-Scanner: exiscan *1AKH52-0005gT-00*5GmaUELzK3.* (SECM, UniS) Subject: [MSEC] reliability of rekey messages Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 13 Nov 2003 13:00:12 +0000 Content-Transfer-Encoding: 7bit Hello Msec Group members, Just wondering if there is any plan of action to address reliability of rekey messages as part of key management or this out of scope of msec. Cheers Sunny -- *********************************************************** Sunil Iyengar, Research Fellow, Networks Group, Centre For Communication And Systems Research(CCSR), School of Electronics, Computing & Mathematics, University Of Surrey, Guildford GU2 7XH, Surrey, England, United Kingdom. Office: +44 (0)1483 686008 *********************************************************** _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Nov 13 11:31:29 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA06247 for ; Thu, 13 Nov 2003 11:31:28 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id E62105389E; Thu, 13 Nov 2003 11:20:26 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id A2E1053897 for ; Thu, 13 Nov 2003 11:19:05 -0500 (EST) Received: (qmail 73810 invoked by uid 3269); 13 Nov 2003 16:19:05 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 73807 invoked from network); 13 Nov 2003 16:19:05 -0000 Received: from m4.sparta.com (157.185.61.2) by klesh.pair.com with SMTP; 13 Nov 2003 16:19:05 -0000 Received: from ambrosius.sparta.com (beta5.sparta.com [157.185.63.21]) by m4.sparta.com (8.12.8/8.12.8) with ESMTP id hADGJ3wo010594; Thu, 13 Nov 2003 10:19:03 -0600 Received: from columbia.sparta.com (lilo.columbia.SPARTA.COM [157.185.80.32]) by ambrosius.sparta.com (8.12.8/8.12.8) with ESMTP id hADGJ23L030909; Thu, 13 Nov 2003 10:19:02 -0600 Received: from columbia.sparta.com (dhcp-15.columbia.sparta.com [157.185.80.15]) by columbia.sparta.com (8.12.10+Sun/8.12.10) with ESMTP id hADGJ2ux014867; Thu, 13 Nov 2003 11:19:02 -0500 (EST) Message-ID: <3FB3AEF0.9010004@columbia.sparta.com> From: Andrea Colegrove User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Sunil Iyengar Cc: "msec@securemulticast.org" Subject: Re: [MSEC] reliability of rekey messages References: <3FB3805C.2D6A277F@eim.surrey.ac.uk> In-Reply-To: <3FB3805C.2D6A277F@eim.surrey.ac.uk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 13 Nov 2003 11:18:56 -0500 Content-Transfer-Encoding: 7bit Hi, Sunny, I am not sure if it answers your question, but in the msec policy token we are planning on adding a "knob" to specify what, if any, reliability will be used on rekey messages. --- Andrea Sunil Iyengar wrote: >Hello Msec Group members, > >Just wondering if there is any plan of action to address reliability of >rekey messages as part of key management or this out of scope of msec. > >Cheers >Sunny >-- >*********************************************************** >Sunil Iyengar, >Research Fellow, Networks Group, >Centre For Communication And Systems Research(CCSR), >School of Electronics, Computing & Mathematics, >University Of Surrey, Guildford GU2 7XH, >Surrey, England, United Kingdom. >Office: +44 (0)1483 686008 >*********************************************************** > > > >_______________________________________________ >msec mailing list >msec@securemulticast.org >http://www.pairlist.net/mailman/listinfo/msec > > > > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Nov 13 11:54:33 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07702 for ; Thu, 13 Nov 2003 11:54:30 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 2D6A753556; Thu, 13 Nov 2003 11:54:09 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 8BCDD5355B for ; Thu, 13 Nov 2003 11:45:44 -0500 (EST) Received: (qmail 78852 invoked by uid 3269); 13 Nov 2003 16:45:44 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 78849 invoked from network); 13 Nov 2003 16:45:44 -0000 Received: from zrc2s0jx.nortelnetworks.com (47.103.122.112) by klesh.pair.com with SMTP; 13 Nov 2003 16:45:44 -0000 Received: from zsc3c028.us.nortel.com (zsc3c028.us.nortel.com [47.81.138.28]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id hADGjYJ01446; Thu, 13 Nov 2003 10:45:34 -0600 (CST) Received: from zbl6c002.us.nortel.com (zbl6c002.corpeast.baynetworks.com [132.245.205.52]) by zsc3c028.us.nortel.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id W32H0RP0; Thu, 13 Nov 2003 08:45:34 -0800 Received: from nortelnetworks.com (LDONDETI-2 [47.17.22.109]) by zbl6c002.us.nortel.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id WTQ07R5Z; Thu, 13 Nov 2003 11:45:33 -0500 Message-ID: <3FB3B51E.2000802@nortelnetworks.com> X-Sybari-Space: 00000000 00000000 00000000 00000000 From: "Dondeti, Lakshminath" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: canetti Cc: msec@securemulticast.org Subject: Re: [MSEC] Minutes of MSEC meeting in 58th IETF References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 13 Nov 2003 11:45:18 -0500 Content-Transfer-Encoding: 7bit Do we need to do another WG last call on the revised GKMarch? Was there a discussion on local recovery that George brought up? regards, Lakshminath canetti wrote: > > > Folks, > > Here are the minutes of the meeting, as taken by Mark Baugher. Thanks, > Mark! > > Ran and Thomas > >GKMARCH - Ran (see foils) > o There are two outstanding issues from WG Last Call, one being > peer controllers > - George: From receiver, what's important is how the controller > is authenticated. Will next draft allow re-key from peers? > - Brian: It seems important to allow for this. > o we will incorporate needed changes and resubmit to WG last call > > > > > > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Nov 13 12:48:49 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA10508 for ; Thu, 13 Nov 2003 12:48:47 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id CA98C53840; Thu, 13 Nov 2003 12:45:48 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id B7860537C7 for ; Thu, 13 Nov 2003 12:36:01 -0500 (EST) Received: (qmail 91131 invoked by uid 3269); 13 Nov 2003 17:36:01 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 91128 invoked from network); 13 Nov 2003 17:36:01 -0000 Received: from igw2.watson.ibm.com (129.34.20.6) by klesh.pair.com with SMTP; 13 Nov 2003 17:36:01 -0000 Received: from sp1n293en1.watson.ibm.com (sp1n293en1.watson.ibm.com [9.2.112.57]) by igw2.watson.ibm.com (8.11.7-20030924/8.11.4) with ESMTP id hADHYd0253516; Thu, 13 Nov 2003 12:34:39 -0500 Received: from ornavella.watson.ibm.com (localhost [127.0.0.1]) by sp1n293en1.watson.ibm.com (8.11.7-20030924/8.11.7) with ESMTP id hADHYcB72552; Thu, 13 Nov 2003 12:34:38 -0500 Received: from localhost (canetti@localhost) by ornavella.watson.ibm.com (AIX5.1/8.11.6p2/8.11.0/03-06-2002) with ESMTP id hADHYbr34668; Thu, 13 Nov 2003 12:34:37 -0500 From: canetti To: "Dondeti, Lakshminath" Cc: msec@securemulticast.org Subject: Re: [MSEC] Minutes of MSEC meeting in 58th IETF In-Reply-To: <3FB3B51E.2000802@nortelnetworks.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 13 Nov 2003 12:34:36 -0500 (EST) Lakshminath, On Thu, 13 Nov 2003, Dondeti, Lakshminath wrote: > Do we need to do another WG last call on the revised GKMarch? No. The updated draft would go directly to the ADs for IESG review. > Was there a discussion on local recovery that George brought up? > Yes, and the general feeling was that it's ok to add his suggestion. Indeed, it is not a fully specified solution, but neither is the solution via direct connection to the GC/KS or via a web site. It should be understood as a general directive. Ran > regards, > Lakshminath > > canetti wrote: > > > > > > > Folks, > > > > Here are the minutes of the meeting, as taken by Mark Baugher. Thanks, > > Mark! > > > > Ran and Thomas > > > >GKMARCH - Ran (see foils) > > o There are two outstanding issues from WG Last Call, one being > > peer controllers > > - George: From receiver, what's important is how the controller > > is authenticated. Will next draft allow re-key from peers? > > - Brian: It seems important to allow for this. > > o we will incorporate needed changes and resubmit to WG last call > > > > > > > > > > > > > > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Nov 13 14:13:21 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA13399 for ; Thu, 13 Nov 2003 14:13:19 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 9EAFE537ED; Thu, 13 Nov 2003 14:12:58 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id D5D4D537E5 for ; Thu, 13 Nov 2003 14:11:41 -0500 (EST) Received: (qmail 9901 invoked by uid 3269); 13 Nov 2003 19:11:41 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 9898 invoked from network); 13 Nov 2003 19:11:41 -0000 Received: from sj-iport-5.cisco.com (171.68.10.87) by klesh.pair.com with SMTP; 13 Nov 2003 19:11:41 -0000 Received: from cisco.com (171.68.223.138) by sj-iport-5.cisco.com with ESMTP; 13 Nov 2003 11:11:45 -0800 Received: from cisco.com (ssh-sjc-1.cisco.com [171.68.225.134]) by sj-core-4.cisco.com (8.12.6/8.12.6) with ESMTP id hADJBYiN007272; Thu, 13 Nov 2003 11:11:38 -0800 (PST) Message-ID: <3FB3D766.5EC30A5C@cisco.com> From: Brian Weis X-Mailer: Mozilla 4.61 [en] (X11; U; Linux 2.2.12-20 i686) X-Accept-Language: en MIME-Version: 1.0 To: Sunil Iyengar Cc: msec mailing list Subject: Re: [MSEC] reliability of rekey messages References: <3FB3805C.2D6A277F@eim.surrey.ac.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 13 Nov 2003 11:11:34 -0800 Content-Transfer-Encoding: 7bit Hi Sunil, See Section 5.3 of http://www.ietf.org/internet-drafts/draft-ietf-msec-gkmarch-06.txt for a discussion of rekey reliability. Brian Sunil Iyengar wrote: > > Hello Msec Group members, > > Just wondering if there is any plan of action to address reliability of > rekey messages as part of key management or this out of scope of msec. > > Cheers > Sunny > -- > *********************************************************** > Sunil Iyengar, > Research Fellow, Networks Group, > Centre For Communication And Systems Research(CCSR), > School of Electronics, Computing & Mathematics, > University Of Surrey, Guildford GU2 7XH, > Surrey, England, United Kingdom. > Office: +44 (0)1483 686008 > *********************************************************** > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec -- Brian Weis Strategic Cryptographic Development, ITD, Cisco Systems Telephone: +1 408 526 4796 Email: bew@cisco.com _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Thu Nov 13 20:16:24 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA02934 for ; Thu, 13 Nov 2003 20:16:23 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 97CBC53650; Thu, 13 Nov 2003 20:16:02 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id B9961535DF for ; Thu, 13 Nov 2003 20:14:44 -0500 (EST) Received: (qmail 74888 invoked by uid 3269); 14 Nov 2003 01:14:44 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 74885 invoked from network); 14 Nov 2003 01:14:44 -0000 Received: from sj-iport-4.cisco.com (171.68.10.86) by klesh.pair.com with SMTP; 14 Nov 2003 01:14:44 -0000 Received: from cscoamera13263.cisco.com (sjc-vpn3-28.cisco.com [10.21.64.28]) by sj-core-4.cisco.com (8.12.6/8.12.6) with ESMTP id hAE1EeiO027605; Thu, 13 Nov 2003 17:14:41 -0800 (PST) Message-Id: <6.0.0.22.2.20031113171352.03ba8a60@mira-sjc5-6.cisco.com> X-Sender: mbaugher@mira-sjc5-6.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 To: "Dondeti, Lakshminath" From: Mark Baugher Subject: Re: [MSEC] Minutes of MSEC meeting in 58th IETF Cc: canetti , msec@securemulticast.org In-Reply-To: <3FB3B51E.2000802@nortelnetworks.com> References: <3FB3B51E.2000802@nortelnetworks.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Thu, 13 Nov 2003 17:14:39 -0800 I expect that all we need to do is copy the WG and ensure that the person who raised the specific point reviews the changes that address it. Mark At 08:45 AM 11/13/2003, Dondeti, Lakshminath wrote: >Do we need to do another WG last call on the revised GKMarch? Was there a >discussion on local recovery that George brought up? > >regards, >Lakshminath > >canetti wrote: > >> >> >>Folks, >> >>Here are the minutes of the meeting, as taken by Mark Baugher. Thanks, Mark! >> >>Ran and Thomas >> >>GKMARCH - Ran (see foils) >> o There are two outstanding issues from WG Last Call, one being >> peer controllers >> - George: From receiver, what's important is how the controller >> is authenticated. Will next draft allow re-key from peers? >> - Brian: It seems important to allow for this. >> o we will incorporate needed changes and resubmit to WG last call >> >> >> >> >> > > >_______________________________________________ >msec mailing list >msec@securemulticast.org >http://www.pairlist.net/mailman/listinfo/msec _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Mon Nov 24 05:28:39 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA02794 for ; Mon, 24 Nov 2003 05:28:38 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 2C42E535F3; Mon, 24 Nov 2003 05:27:22 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id EC0D0536CB for ; Mon, 24 Nov 2003 05:24:56 -0500 (EST) Received: (qmail 92457 invoked by uid 3269); 24 Nov 2003 10:24:56 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 92452 invoked from network); 24 Nov 2003 10:24:56 -0000 Received: from thoth.sbs.de (192.35.17.2) by klesh.pair.com with SMTP; 24 Nov 2003 10:24:56 -0000 Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by thoth.sbs.de (8.11.7/8.11.7) with ESMTP id hAOAOtJ03922; Mon, 24 Nov 2003 11:24:55 +0100 (MET) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail3.siemens.de (8.11.7/8.11.7) with ESMTP id hAOAOsF08732; Mon, 24 Nov 2003 11:24:54 +0100 (MET) Received: from mail-k.mchp.siemens.de (mail-k.mchp.siemens.de [139.23.202.237]) by mars.cert.siemens.de (8.12.10/8.12.10/$SiemensCERT: mail/cert.mc.pre,v 1.56 2003/11/06 20:07:28 ust Exp $) with ESMTP id hAOAOoBe038147; Mon, 24 Nov 2003 11:24:54 +0100 (CET) Received: from mhpaba5c (mhpaba5c [139.23.204.46]) by mail-k.mchp.siemens.de with ESMTP id hAOAOoEk023457; Mon, 24 Nov 2003 11:24:50 +0100 (MET) From: "Steffen Fries" Organization: Siemens AG To: "Elisabetta Carrara (EAB)" MIME-Version: 1.0 Reply-To: steffen.fries@siemens.com Cc: msec@securemulticast.org Message-ID: <3FC1EA82.2785.E62C1A7@localhost> Priority: normal In-reply-to: <4E85E49D1F0CBF4F96EA08E335750D7D02838741@Esealnt877.al.sw.ericsson.se> X-mailer: Pegasus Mail for Windows (v4.12a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Subject: [MSEC] MIKEY Question Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Mon, 24 Nov 2003 11:24:50 +0100 Content-Transfer-Encoding: 7BIT Hi Elisabetta, do you have any recommendation in which SIP return message the second MIKEY message in case of DH based key exchange should be sent? It might be a matter of implementation, but imagine a scenario, where a caller sends a SETUP to a callee (including the MIKEY message). Now, he gets a RINGING back. Should the ringing already contain the second MIKEY message or the OK? In case of RINGING, the call may not be completed, and thus, the MIKEY data have been exchanged without actually being used. In case of okay, the callee may already start sending RTP data before the OK message arrives at the caller. Is there any recommendation, which message should be taken? Regards Steffen _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 03:46:15 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA08743 for ; Tue, 25 Nov 2003 03:46:14 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 11895535A8; Tue, 25 Nov 2003 03:45:36 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 02C6F535A8 for ; Tue, 25 Nov 2003 03:43:49 -0500 (EST) Received: (qmail 99122 invoked by uid 3269); 25 Nov 2003 08:43:49 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 99118 invoked from network); 25 Nov 2003 08:43:49 -0000 Received: from posti-a.luukku.com (193.209.83.72) by klesh.pair.com with SMTP; 25 Nov 2003 08:43:49 -0000 Received: by postig.luukku.com (Postfix, from userid 99) id 7B6FA200193; Tue, 25 Nov 2003 10:43:44 +0200 (EET) Received: from suksi (suksig.luukku.com [192.194.195.98]) by postig.luukku.com (Postfix) with ESMTP id 65E67200035 for ; Tue, 25 Nov 2003 10:43:44 +0200 (EET) Message-ID: <1069749824386.janne.i.771960.DkzwXb39jm3_4UtNRW6kUA@luukku.com> From: Janne Ihatsu To: msec@securemulticast.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [194.157.113.161] Subject: [MSEC] Any implementations? Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 10:43:44 +0200 (EET) Content-Transfer-Encoding: quoted-printable Hi! Are there how many implementations of "MSEC results" available? I mean some= kind of products that provide security for multicast traffic by using thes= e MSEC research methods (GDOI, GSAKMP, MIKEY, TESLA..etc). I know that GDOI implementation by Brian Weis is available but if I am unde= rstanding correctly, this is just for testing purposes. There is also GSAKMP implemen= tation (by SPARTA?). There are also commercial products. For example UDcast's product UDcrypt ad= vertises that it is "providing MSEC key distribution compliance and adapted= GCKS". But this UDcrypt is mainly intended for DVS-B systems. If I want to secure multicast traffic (for example videostream through LAN)= , is this possible yet? Regards,=20 Janne I ............................................................ Maksuton s=E4hk=F6posti aina k=E4yt=F6ss=E4 http://luukku.com Kuukausimaksuton MTV3 Internet-liittym=E4 www.mtv3.fi/liittyma _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 09:52:32 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA19695 for ; Tue, 25 Nov 2003 09:52:31 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id E186A537E5; Tue, 25 Nov 2003 09:51:06 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 544425375E for ; Tue, 25 Nov 2003 09:49:30 -0500 (EST) Received: (qmail 59299 invoked by uid 3269); 25 Nov 2003 14:49:29 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 59296 invoked from network); 25 Nov 2003 14:49:24 -0000 Received: from penguin-ext.wise.edt.ericsson.se (193.180.251.47) by klesh.pair.com with SMTP; 25 Nov 2003 14:49:24 -0000 Received: from esealnt610.al.sw.ericsson.se ([153.88.254.120]) by penguin-ext.wise.edt.ericsson.se (8.12.10/8.12.10/WIREfire-1.8) with ESMTP id hAPEnJSs001735; Tue, 25 Nov 2003 15:49:22 +0100 (MET) Received: by esealnt610.al.sw.ericsson.se with Internet Mail Service (5.5.2657.72) id ; Tue, 25 Nov 2003 15:48:47 +0100 Message-ID: <1F55F6582266314A85A55F6241509B67078E55A0@Esealnt863.al.sw.ericsson.se> From: "Karl Norrman (KI/EAB)" To: "'janne.i@luukku.com'" Cc: "'msec@securemulticast.org'" Subject: RE: [MSEC] Any implementations? MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 10:51:31 +0100 Hello Janne! Ericsson is planning to release a reference implementation of the MIKEY protocol. Regards, Karl >-------- Original Message -------- >Subject: [MSEC] Any implementations? >Date: Tue, 25 Nov 2003 09:43:44 +0100 >From: "Janne Ihatsu" >To: > >Hi! > >Are there how many implementations of "MSEC results" >available? I mean >some kind of products that provide security for multicast traffic by >using these MSEC research methods (GDOI, GSAKMP, MIKEY, TESLA..etc). > >I know that GDOI implementation by Brian Weis is available >but if I am >understanding >correctly, this is just for testing purposes. There is also GSAKMP >implementation (by SPARTA?). > >There are also commercial products. For example UDcast's >product UDcrypt >advertises that it is "providing MSEC key distribution compliance and >adapted GCKS". But this UDcrypt is mainly intended for DVS-B systems. > >If I want to secure multicast traffic (for example >videostream through >LAN), is this possible yet? > >Regards, >Janne I > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 10:30:35 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA22840 for ; Tue, 25 Nov 2003 10:30:34 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id AD03453745; Tue, 25 Nov 2003 10:30:15 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id C083553745 for ; Tue, 25 Nov 2003 10:30:07 -0500 (EST) Received: (qmail 66261 invoked by uid 3269); 25 Nov 2003 15:30:07 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 66258 invoked from network); 25 Nov 2003 15:30:06 -0000 Received: from david.siemens.de (192.35.17.14) by klesh.pair.com with SMTP; 25 Nov 2003 15:30:06 -0000 Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by david.siemens.de (8.11.7/8.11.7) with ESMTP id hAPFU0629917; Tue, 25 Nov 2003 16:30:00 +0100 (MET) Received: from moody.mchh.siemens.de (moody.mchh.siemens.de [139.21.205.85]) by mail1.siemens.de (8.11.7/8.11.7) with ESMTP id hAPFU0916333; Tue, 25 Nov 2003 16:30:00 +0100 (MET) Received: from mchh246e.mchh.siemens.de (mchh246e.mchh.siemens.de [139.21.200.56]) by moody.mchh.siemens.de (8.9.3/8.9.1) with ESMTP id QAA07209; Tue, 25 Nov 2003 16:29:59 +0100 (MET) Received: by mchh246e.mchh.siemens.de with Internet Mail Service (5.5.2656.59) id ; Tue, 25 Nov 2003 16:30:01 +0100 Message-ID: <8C878B55C96F924389908D4A7384842A48BD9D@mchh2c7e.mchh.siemens.de> From: Euchner Martin To: "'Karl Norrman (KI/EAB)'" , Euchner Martin Cc: "'msec@securemulticast.org'" Subject: RE: [MSEC] Any implementations? MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2656.59) Content-Type: text/plain; charset="iso-8859-1" Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 16:29:58 +0100 Karl, this is really great information! Many thanks to Ericsson for taking this step. I'm looking forward to the release. With kind regards Martin Euchner. ----------------------------------------------------------------------- | Dipl.-Inf. Rapporteur Q.G/SG16 | Martin Euchner Phone: +49 89 722 55790 | Siemens AG.....................Fax : +49 89 722 62366 | ICN M SR 3 mailto:Martin.Euchner@siemens.com | mailto:martin.euchner@ties.itu.int | Hofmannstr. 51 Intranet: http://ietf.icn.siemens.de/sr3/Standardisation_Topics/security/ | D-81359 Muenchen Internet: http://www.siemens.de/ | __________________ | Germany ----------------------------------------------------------------------- -----Original Message----- From: Karl Norrman (KI/EAB) [mailto:karl.norrman@ericsson.com] Sent: Tuesday, November 25, 2003 10:52 AM To: 'janne.i@luukku.com' Cc: 'msec@securemulticast.org' Subject: RE: [MSEC] Any implementations? Hello Janne! Ericsson is planning to release a reference implementation of the MIKEY protocol. Regards, Karl >-------- Original Message -------- >Subject: [MSEC] Any implementations? >Date: Tue, 25 Nov 2003 09:43:44 +0100 >From: "Janne Ihatsu" >To: > >Hi! > >Are there how many implementations of "MSEC results" >available? I mean >some kind of products that provide security for multicast traffic by >using these MSEC research methods (GDOI, GSAKMP, MIKEY, TESLA..etc). > >I know that GDOI implementation by Brian Weis is available >but if I am >understanding >correctly, this is just for testing purposes. There is also GSAKMP >implementation (by SPARTA?). > >There are also commercial products. For example UDcast's >product UDcrypt >advertises that it is "providing MSEC key distribution compliance and >adapted GCKS". But this UDcrypt is mainly intended for DVS-B systems. > >If I want to secure multicast traffic (for example >videostream through >LAN), is this possible yet? > >Regards, >Janne I > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 10:32:49 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23107 for ; Tue, 25 Nov 2003 10:32:48 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 3FD3A53830; Tue, 25 Nov 2003 10:32:31 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 05F6B5385D for ; Tue, 25 Nov 2003 10:30:59 -0500 (EST) Received: (qmail 66346 invoked by uid 3269); 25 Nov 2003 15:30:59 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 66343 invoked from network); 25 Nov 2003 15:30:58 -0000 Received: from m4.sparta.com (157.185.61.2) by klesh.pair.com with SMTP; 25 Nov 2003 15:30:58 -0000 Received: from ambrosius.sparta.com (beta5.sparta.com [157.185.63.21]) by m4.sparta.com (8.12.8/8.12.8) with ESMTP id hAPFUswo008969; Tue, 25 Nov 2003 09:30:54 -0600 Received: from columbia.sparta.com (lilo.columbia.SPARTA.COM [157.185.80.32]) by ambrosius.sparta.com (8.12.8/8.12.8) with ESMTP id hAPFUr3L003649; Tue, 25 Nov 2003 09:30:53 -0600 Received: from sparta.com (dhcp-1.columbia.sparta.com [157.185.80.1]) by columbia.sparta.com (8.12.10+Sun/8.12.10) with ESMTP id hAPFUrqs027631; Tue, 25 Nov 2003 10:30:53 -0500 (EST) Subject: Re: [MSEC] Any implementations? Content-Type: text/plain; charset=ISO-8859-1; format=flowed Mime-Version: 1.0 (Apple Message framework v552) Cc: msec@securemulticast.org To: Janne Ihatsu From: Hugh Harney In-Reply-To: <1069749824386.janne.i.771960.DkzwXb39jm3_4UtNRW6kUA@luukku.com> Message-Id: <5B19151E-1F5C-11D8-9BD2-000A956E63C6@sparta.com> Content-Transfer-Encoding: quoted-printable X-Mailer: Apple Mail (2.552) Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 10:30:53 -0500 Content-Transfer-Encoding: quoted-printable Hello Janne, It seems that you want products not reference code. SPARTA has built some real systems using GSAKMP, but these are not open=20= the box types of systems. Our reference code is on sourceforge. Hugh On Tuesday, November 25, 2003, at 03:43 AM, Janne Ihatsu wrote: > Hi! > > Are there how many implementations of "MSEC results" available? I mean=20= > some kind of products that provide security for multicast traffic by=20= > using these MSEC research methods (GDOI, GSAKMP, MIKEY, TESLA..etc). > > I know that GDOI implementation by Brian Weis is available but if I am=20= > understanding > correctly, this is just for testing purposes. There is also GSAKMP=20 > implementation (by SPARTA?). > > There are also commercial products. For example UDcast's product=20 > UDcrypt advertises that it is "providing MSEC key distribution=20 > compliance and adapted GCKS". But this UDcrypt is mainly intended for=20= > DVS-B systems. > > If I want to secure multicast traffic (for example videostream through=20= > LAN), is this possible yet? > > Regards, > Janne I > > ............................................................ > Maksuton s=E4hk=F6posti aina k=E4yt=F6ss=E4 http://luukku.com > Kuukausimaksuton MTV3 Internet-liittym=E4 www.mtv3.fi/liittyma > > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec > > > Hugh Harney Sparta, = Inc. hh@sparta.com 7075 Samuel = Morse Drive (410) 872-1515 x203 Columbia, MD, = 21046 _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 12:41:20 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA28997 for ; Tue, 25 Nov 2003 12:41:19 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id C02CA537A6; Tue, 25 Nov 2003 12:40:45 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id E752B537BC for ; Tue, 25 Nov 2003 12:38:19 -0500 (EST) Received: (qmail 89632 invoked by uid 3269); 25 Nov 2003 17:38:20 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 89629 invoked from network); 25 Nov 2003 17:38:19 -0000 Received: from smtp2.su.se (130.237.93.212) by klesh.pair.com with SMTP; 25 Nov 2003 17:38:19 -0000 Received: from localhost (smtp2.su.se [127.0.0.1]) by smtp2.su.se (Postfix) with ESMTP id EFDCA20033D; Tue, 25 Nov 2003 18:38:18 +0100 (CET) Received: from smtp2.su.se ([127.0.0.1]) by localhost (smtp2.su.se [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29886-11; Tue, 25 Nov 2003 18:38:18 +0100 (CET) Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27]) by smtp2.su.se (Postfix) with ESMTP id B02CD20011C; Tue, 25 Nov 2003 18:38:18 +0100 (CET) Received: from SeadMuftic (r2d2.cpi.seas.gwu.edu [128.164.82.43]) by unni.dsv.su.se (Postfix) with SMTP id E5FAA8B347; Tue, 25 Nov 2003 18:38:17 +0100 (CET) Message-Id: <3.0.32.20031125123817.00afe550@mail.dsv.su.se> X-Sender: sead@mail.dsv.su.se X-Mailer: Windows Eudora Pro Version 3.0 (32) To: Euchner Martin , "'Karl Norrman (KI/EAB)'" From: Sead Muftic Cc: "'msec@securemulticast.org'" Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Virus-Scanned: by amavisd-new at su.se Subject: [MSEC] Secure group applications based on GSAKMP Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 12:38:19 -0500 Martin and other friends: > >this is really great information! Many thanks to Ericsson for taking this step. I'm looking forward to the release. > Since this topic generated a lots of interest, I am enclosing the copy of my E-mail which I originally sent only to Janne. ---------------------------------------------------------------------------- ---- We have the full implementation of the secure group system based on GSAKMP. It originated from the project sponsored by NSA and we tested interoperability with Sparta's GSAKMP engines. Our implementation is fully functional system, has nice GUIs for group administrators, group controllers and users. It has been only through alpha testing phase. Currently it only supports secure IM, but we are testing secure forum and secure sharing of documents, based on Web Services. Please contact me if you need any further information. For instance, I can send you a couple of PPT slides where you can see how the system looks like. Also, I may send you the manual. The system may be extended to perform protection of any other type of an application, since in principle it is a "backbone" of security services for different types of secure group applications. ---------------------------------------------------------------------------- ----- Regards, Sead Muftic CSPRI/GWU _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 14:01:29 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA02224 for ; Tue, 25 Nov 2003 14:01:28 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 6B9E8535ED; Tue, 25 Nov 2003 13:59:21 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 6E30353570 for ; Tue, 25 Nov 2003 13:56:02 -0500 (EST) Received: (qmail 3280 invoked by uid 3269); 25 Nov 2003 18:56:02 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 3274 invoked from network); 25 Nov 2003 18:56:00 -0000 Received: from m4.sparta.com (157.185.61.2) by klesh.pair.com with SMTP; 25 Nov 2003 18:56:00 -0000 Received: from ambrosius.sparta.com (beta5.sparta.com [157.185.63.21]) by m4.sparta.com (8.12.8/8.12.8) with ESMTP id hAPItxwo013189 for ; Tue, 25 Nov 2003 12:55:59 -0600 Received: from columbia.sparta.com (lilo.columbia.SPARTA.COM [157.185.80.32]) by ambrosius.sparta.com (8.12.8/8.12.8) with ESMTP id hAPItv3L014099 for ; Tue, 25 Nov 2003 12:55:58 -0600 Received: from sparta.com (dhcp-1.columbia.sparta.com [157.185.80.1]) by columbia.sparta.com (8.12.10+Sun/8.12.10) with ESMTP id hAPItvqs002102 for ; Tue, 25 Nov 2003 13:55:57 -0500 (EST) Mime-Version: 1.0 (Apple Message framework v552) Content-Type: text/plain; charset=US-ASCII; format=flowed From: Hugh Harney To: msec@securemulticast.org Content-Transfer-Encoding: 7bit Message-Id: <002F50C9-1F79-11D8-95C2-000A956E63C6@sparta.com> X-Mailer: Apple Mail (2.552) Subject: [MSEC] GSAKMP on SourceForge Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 13:55:56 -0500 Content-Transfer-Encoding: 7bit All, I just found the GSAKMP code on SourceForge. It is not fully updated to the newest spec, but it is free for use. http://gsakmp.sourceforge.net http://gsakmp.sourceforge.net/download.html Hugh Harney Sparta, Inc. hh@sparta.com 7075 Samuel Morse Drive (410) 872-1515 x203 Columbia, MD, 21046 _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 18:00:48 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA15749 for ; Tue, 25 Nov 2003 18:00:47 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 8BA6253956; Tue, 25 Nov 2003 17:56:23 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 93B35537CA for ; Tue, 25 Nov 2003 15:26:27 -0500 (EST) Received: (qmail 22011 invoked by uid 3269); 25 Nov 2003 20:26:27 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 22008 invoked from network); 25 Nov 2003 20:26:27 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 25 Nov 2003 20:26:27 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA07673; Tue, 25 Nov 2003 15:26:10 -0500 (EST) Message-Id: <200311252026.PAA07673@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: msec@securemulticast.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-arch-04.txt Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 15:26:09 -0500 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : The Multicast Security Architecture Author(s) : T. Hardjono, B. Weis Filename : draft-ietf-msec-arch-04.txt Pages : 24 Date : 2003-11-25 This document provides an overview and rationale of the multicast security architecture used for large multicast groups. The document begins by introducing a Multicast Security Reference Framework, and proceeds to identify the security services that may be part of a secure multicast solution. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-arch-04.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-arch-04.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-arch-04.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-11-25151922.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-arch-04.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-arch-04.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-11-25151922.I-D@ietf.org> --OtherAccess-- --NextPart-- _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 18:07:40 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA16372 for ; Tue, 25 Nov 2003 18:07:39 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 9E9325399E; Tue, 25 Nov 2003 17:57:37 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 9D007535CE for ; Tue, 25 Nov 2003 16:23:31 -0500 (EST) Received: (qmail 32830 invoked by uid 3269); 25 Nov 2003 21:23:31 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 32827 invoked from network); 25 Nov 2003 21:23:31 -0000 Received: from pigeon.verisign.com (65.205.251.71) by klesh.pair.com with SMTP; 25 Nov 2003 21:23:31 -0000 Received: from mou1wnexc01.vcorp.ad.vrsn.com (verisign.com [65.205.251.53]) by pigeon.verisign.com (8.12.10/) with ESMTP id hAPLNSPB015395; Tue, 25 Nov 2003 13:23:29 -0800 (PST) Received: by mou1wnexc01.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id ; Tue, 25 Nov 2003 13:23:28 -0800 Message-ID: From: "Hardjono, Thomas" To: "'msec@securemulticast.org'" Cc: "'canetti'" , "'Russ Housley'" , "'smb@research.att.com'" , "'thardjono@yahoo.com'" MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Subject: [MSEC] WG Last Call for TESLA-Intro draft (closing date 19 December 2003 ) Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 13:23:26 -0800 Folks, The authors of the TESLA-Intro draft have indicated that they think the draft is ready for WG Last Call. Note that this draft is for an Informational RFC, and is different from the TESLA-Spec draft. You can get the latest version here: http://www.ietf.org/internet-drafts/draft-ietf-msec-tesla-intro-01.txt Therefore, I would like to begin WG Last Call for the TESLA-Intro draft, with a closing date of 19 December 2003. Please send your comments to the list a.s.a.p. Regards. thomas ------ _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 18:18:01 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA17503 for ; Tue, 25 Nov 2003 18:18:01 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 8B062537FF; Tue, 25 Nov 2003 17:58:16 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 874195359C for ; Tue, 25 Nov 2003 16:29:11 -0500 (EST) Received: (qmail 33761 invoked by uid 3269); 25 Nov 2003 21:29:11 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 33756 invoked from network); 25 Nov 2003 21:29:11 -0000 Received: from peacock.verisign.com (65.205.251.73) by klesh.pair.com with SMTP; 25 Nov 2003 21:29:11 -0000 Received: from MOU1WNEXC03.vcorp.ad.vrsn.com ([65.205.251.55]) by peacock.verisign.com (8.12.10/) with ESMTP id hAPLTALR017880 for ; Tue, 25 Nov 2003 13:29:10 -0800 (PST) Received: by mou1wnexc03.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id ; Tue, 25 Nov 2003 13:29:10 -0800 Message-ID: From: "Hardjono, Thomas" To: "'msec@securemulticast.org'" MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Subject: [MSEC] Slides and minutes from MSEC at IETF-58 in Minn. now online Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 13:29:08 -0800 Folks, The slides and minutes of the MSEC WG meeting at IETF-58 in Minneapolis is now online at the MSEC website: http://www.securemulticast.org/msec-meetings.htm cheers, thomas ------ _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Tue Nov 25 18:23:31 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA17664 for ; Tue, 25 Nov 2003 18:23:30 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id E8D9F539BF; Tue, 25 Nov 2003 17:58:25 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 07A7D535C0 for ; Tue, 25 Nov 2003 16:43:40 -0500 (EST) Received: (qmail 36245 invoked by uid 3269); 25 Nov 2003 21:43:39 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 36242 invoked from network); 25 Nov 2003 21:43:39 -0000 Received: from peacock.verisign.com (65.205.251.73) by klesh.pair.com with SMTP; 25 Nov 2003 21:43:39 -0000 Received: from mou1wnexc02.vcorp.ad.vrsn.com (verisign.com [65.205.251.54]) by peacock.verisign.com (8.12.10/) with ESMTP id hAPLhbLR021615 for ; Tue, 25 Nov 2003 13:43:37 -0800 (PST) Received: by mou1wnexc02.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id ; Tue, 25 Nov 2003 13:43:37 -0800 Message-ID: From: "Hardjono, Thomas" To: "'msec@securemulticast.org'" MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Subject: [MSEC] WG Last Call for TESLA-Intro draft (closing date 19 December 2003 ) Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Tue, 25 Nov 2003 13:43:37 -0800 Folks, The authors of the TESLA-Intro draft have indicated that they think the draft is ready for WG Last Call. Note that this draft is for an Informational RFC, and is different from the TESLA-Spec draft. You can get the latest version here: http://www.ietf.org/internet-drafts/draft-ietf-msec-tesla-intro-01.txt Therefore, I would like to begin WG Last Call for the TESLA-Intro draft, with a closing date of 19 December 2003. Please send your comments to the list a.s.a.p. Regards. thomas ------ _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Wed Nov 26 03:37:56 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA27444 for ; Wed, 26 Nov 2003 03:37:56 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 337525382A; Wed, 26 Nov 2003 03:33:14 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 921C45358C for ; Wed, 26 Nov 2003 03:31:37 -0500 (EST) Received: (qmail 73688 invoked by uid 3269); 26 Nov 2003 08:31:37 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 73658 invoked from network); 26 Nov 2003 08:31:37 -0000 Received: from goliath.siemens.de (192.35.17.28) by klesh.pair.com with SMTP; 26 Nov 2003 08:31:37 -0000 Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by goliath.siemens.de (8.11.7/8.11.7) with ESMTP id hAQ8VWV26770; Wed, 26 Nov 2003 09:31:33 +0100 (MET) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail3.siemens.de (8.11.7/8.11.7) with ESMTP id hAQ8VVF07622; Wed, 26 Nov 2003 09:31:31 +0100 (MET) Received: from mail-k.mchp.siemens.de (mail-k.mchp.siemens.de [139.23.202.237]) by mars.cert.siemens.de (8.12.10/8.12.10/$SiemensCERT: mail/cert.mc.pre,v 1.56 2003/11/06 20:07:28 ust Exp $) with ESMTP id hAQ8VUSr060368; Wed, 26 Nov 2003 09:31:31 +0100 (CET) Received: from mhpaba5c (mhpaba5c [139.23.204.46]) by mail-k.mchp.siemens.de with ESMTP id hAQ8VUEk018048; Wed, 26 Nov 2003 09:31:30 +0100 (MET) From: "Steffen Fries" Organization: Siemens AG To: "Karl Norrman (KI/EAB)" MIME-Version: 1.0 Subject: RE: [MSEC] Any implementations? Reply-To: steffen.fries@siemens.com Cc: msec@securemulticast.org Message-ID: <3FC472EF.14902.4879DAB@localhost> Priority: normal In-reply-to: <1F55F6582266314A85A55F6241509B67078E55A0@Esealnt863.al.sw.ericsson.se> X-mailer: Pegasus Mail for Windows (v4.12a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Wed, 26 Nov 2003 09:31:27 +0100 Content-Transfer-Encoding: 7BIT Hi Karl, that is good the hear. I already talked to Frederik and Elisabetta regarding this step. What is the plan from Ericsson releasing the reference implementation in terms of time? Regards Steffen From: "Karl Norrman (KI/EAB)" To: "'janne.i@luukku.com'" Copies to: "'msec@securemulticast.org'" Subject: RE: [MSEC] Any implementations? Date sent: Tue, 25 Nov 2003 10:51:31 +0100 > Hello Janne! > > Ericsson is planning to release a reference implementation of the > MIKEY protocol. > > Regards, > Karl > > >-------- Original Message -------- > >Subject: [MSEC] Any implementations? > >Date: Tue, 25 Nov 2003 09:43:44 +0100 > >From: "Janne Ihatsu" > >To: > > > >Hi! > > > >Are there how many implementations of "MSEC results" > >available? I mean > >some kind of products that provide security for multicast traffic by > >using these MSEC research methods (GDOI, GSAKMP, MIKEY, TESLA..etc). > > >I know that GDOI implementation by Brian Weis is available >but if > I am >understanding >correctly, this is just for testing purposes. > There is also GSAKMP >implementation (by SPARTA?). > >There are also > commercial products. For example UDcast's >product UDcrypt > >advertises that it is "providing MSEC key distribution compliance > and >adapted GCKS". But this UDcrypt is mainly intended for DVS-B > systems. > >If I want to secure multicast traffic (for example > >videostream through >LAN), is this possible yet? > >Regards, >Janne > I > > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://www.pairlist.net/mailman/listinfo/msec > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec From msec-admin@securemulticast.org Fri Nov 28 04:48:28 2003 Received: from pairlist.net (pairlist.net [216.92.1.92]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA19922 for ; Fri, 28 Nov 2003 04:48:26 -0500 (EST) Received: from pairlist.net (localhost.pair.com [127.0.0.1]) by pairlist.net (Postfix) with ESMTP id 7AC35538C9; Fri, 28 Nov 2003 04:48:06 -0500 (EST) Delivered-To: msec@pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by pairlist.net (Postfix) with SMTP id 041A75369E for ; Fri, 28 Nov 2003 04:47:49 -0500 (EST) Received: (qmail 20390 invoked by uid 3269); 28 Nov 2003 09:47:49 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 20387 invoked from network); 28 Nov 2003 09:47:48 -0000 Received: from penguin-ext.wise.edt.ericsson.se (193.180.251.47) by klesh.pair.com with SMTP; 28 Nov 2003 09:47:48 -0000 Received: from esealnt610.al.sw.ericsson.se ([153.88.254.120]) by penguin-ext.wise.edt.ericsson.se (8.12.10/8.12.10/WIREfire-1.8) with ESMTP id hAS9liSs014321; Fri, 28 Nov 2003 10:47:44 +0100 (MET) Received: by esealnt610.al.sw.ericsson.se with Internet Mail Service (5.5.2657.72) id ; Fri, 28 Nov 2003 10:47:47 +0100 Message-ID: <4E85E49D1F0CBF4F96EA08E335750D7D062EFF2A@Esealnt877.al.sw.ericsson.se> From: "Elisabetta Carrara (KI/EAB)" To: "'steffen.fries@siemens.com'" Cc: msec@securemulticast.org MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="ISO-8859-1" Subject: [MSEC] RE: MIKEY Question Sender: msec-admin@securemulticast.org Errors-To: msec-admin@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.0 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: Date: Fri, 28 Nov 2003 10:43:36 +0100 Hi Steffen, one issue with provisional responses is that they might be sent not reliably (however SIP has an extension mechanism to add reliability to them). It seems then better to use the formulation "the offer and the answer to the offer" (the answer is intended as the first reliable answer). You might have implementations accepting some clipping at the beginning, otherwise they might e.g. use the reliable provisional response. Please also look at the new security pre-condition draft in mmusic (Mark is one of the authors), I understand it is exactly to avoid RTP arriving before the security is set up. Cheers /Elisabetta > -----Original Message----- > From: Steffen Fries [mailto:steffen.fries@siemens.com] > Sent: den 24 november 2003 11:25 > To: Elisabetta Carrara (KI/EAB) > Cc: msec@securemulticast.org > Subject: MIKEY Question > > > Hi Elisabetta, > > do you have any recommendation in which SIP return message the > second MIKEY message in case of DH based key exchange should be > sent? > It might be a matter of implementation, but imagine a scenario, > where a caller sends a SETUP to a callee (including the MIKEY > message). Now, he gets a RINGING back. Should the ringing > already contain the second MIKEY message or the OK? In case of > RINGING, the call may not be completed, and thus, the MIKEY > data have been exchanged without actually being used. In case > of okay, the callee may already start sending RTP data before > the OK message arrives at the caller. > > Is there any recommendation, which message should be taken? > > Regards > Steffen > _______________________________________________ msec mailing list msec@securemulticast.org http://www.pairlist.net/mailman/listinfo/msec