From saag-bounces@ietf.org  Fri Nov 14 14:57:10 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 551C23A6A9D;
	Fri, 14 Nov 2008 14:57:10 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id B65AD3A6A9D
	for <saag@core3.amsl.com>; Fri, 14 Nov 2008 14:57:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id x5xIVVRFruog for <saag@core3.amsl.com>;
	Fri, 14 Nov 2008 14:57:07 -0800 (PST)
Received: from mummy.ncsc.mil (mummy.ncsc.mil [144.51.88.129])
	by core3.amsl.com (Postfix) with ESMTP id 8EDD53A677E
	for <saag@ietf.org>; Fri, 14 Nov 2008 14:57:06 -0800 (PST)
Received: from facesaver.epoch.ncsc.mil (jazzhorn.ncsc.mil [144.51.5.9])
	by mummy.ncsc.mil (8.12.10/8.12.10) with ESMTP id mAEMuiJu016909;
	Fri, 14 Nov 2008 22:56:44 GMT
Received: from [144.51.25.2] (moss-terrapins [144.51.25.2])
	by facesaver.epoch.ncsc.mil (8.13.1/8.13.1) with ESMTP id
	mAEMuekY005757; Fri, 14 Nov 2008 17:56:40 -0500
From: "David P. Quigley" <dpquigl@tycho.nsa.gov>
To: paul.moore@hp.com, latten@austin.ibm.com, Kurt.Zeilenga@Isode.com,
	saag@ietf.org, Nicolas.Williams@sun.com, Jarrett.Lu@sun.com,
	hartmans-ietf@mit.edu, doi-discuss@opensolaris.org
Date: Fri, 14 Nov 2008 17:36:17 -0500
Message-Id: <1226702177.25837.33.camel@moss-terrapins.epoch.ncsc.mil>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1 (2.22.3.1-1.fc9) 
Subject: [saag] Date and Time for Security Label Bar BOF
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

Hello,

For those who were interested in the Security Label Bar BOF we will be holding
it on Wednesday in the evening after the Operations and Administration Plenary
(roughly 8 or 8:30). I'm tentatively setting this time so if you have other
suggestions or believe it should be earlier feel free to suggest another time. I
will try to find a location for the BOF once I arrive on Sunday and once I have
found it I will post the location to the mailing list. I will not have access to
this email account while at IETF but I will be subscribed to the SAAG and
doi-discuss mailing lists with a travel account.

The bar BOF is meeting to discuss a consistent definition of Domains of
Interpretation and will also consist of discussion on the management and
administration of DOIs as well. A conversation about this has already started on
the DOI Discussion mailing list which can be found at the link below[1]. We hope
to start with the definition defined in the CALIPSO draft and see what changes
need to be made to allow it to support work being done with Labeled IPSec and
Labeled NFS.

While we are meeting to discuss DOIs, if there are additional topics relating to
security labels feel free to notify me and I will put them on the agenda.

Dave Quigley


[1] http://mail.opensolaris.org/mailman/listinfo/doi-discuss


_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag


From saag-bounces@ietf.org  Fri Nov 14 17:49:56 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id C97293A6A67;
	Fri, 14 Nov 2008 17:49:56 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 90E5D3A6A67
	for <saag@core3.amsl.com>; Fri, 14 Nov 2008 17:49:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level: 
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id bKG0E0o7zAiH for <saag@core3.amsl.com>;
	Fri, 14 Nov 2008 17:49:54 -0800 (PST)
Received: from sca-es-mail-1.sun.com (sca-es-mail-1.Sun.COM [192.18.43.132])
	by core3.amsl.com (Postfix) with ESMTP id C2ED43A6980
	for <saag@ietf.org>; Fri, 14 Nov 2008 17:49:54 -0800 (PST)
Received: from fe-sfbay-10.sun.com ([192.18.43.129])
	by sca-es-mail-1.sun.com (8.13.7+Sun/8.12.9) with ESMTP id
	mAF1nnk4001558
	for <saag@ietf.org>; Fri, 14 Nov 2008 17:49:51 -0800 (PST)
Received: from conversion-daemon.fe-sfbay-10.sun.com by fe-sfbay-10.sun.com
	(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
	id <0KAC00D01QDZOB00@fe-sfbay-10.sun.com>
	(original mail from Jarrett.Lu@Sun.COM) for saag@ietf.org; Fri,
	14 Nov 2008 17:49:49 -0800 (PST)
Received: from [129.146.108.117] by fe-sfbay-10.sun.com
	(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
	with ESMTPSA id <0KAC0049SQF0ID30@fe-sfbay-10.sun.com>; Fri,
	14 Nov 2008 17:49:48 -0800 (PST)
Date: Fri, 14 Nov 2008 17:49:48 -0800
From: Jarrett Lu <Jarrett.Lu@Sun.COM>
In-reply-to: <1226702177.25837.33.camel@moss-terrapins.epoch.ncsc.mil>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
Message-id: <491E2ABC.5000900@sun.com>
MIME-version: 1.0
References: <1226702177.25837.33.camel@moss-terrapins.epoch.ncsc.mil>
User-Agent: Thunderbird 2.0.0.17 (X11/20081023)
Cc: doi-discuss@opensolaris.org, Nicolas.Williams@Sun.COM,
	Kurt.Zeilenga@Isode.com, saag@ietf.org, latten@austin.ibm.com,
	hartmans-ietf@mit.edu
Subject: Re: [saag] [doi-discuss] Date and Time for Security Label Bar BOF
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

Hi,

Can we do this BOF on Sunday or Monday evening? Tuesday would
work for me, but it conflicts with the social event. I need to leave on
Wednesday, and I would really like to be at the BOF.

Thanks.

Jarrett



David P. Quigley wrote:
> Hello,
>
> For those who were interested in the Security Label Bar BOF we will be holding
> it on Wednesday in the evening after the Operations and Administration Plenary
> (roughly 8 or 8:30). I'm tentatively setting this time so if you have other
> suggestions or believe it should be earlier feel free to suggest another time. I
> will try to find a location for the BOF once I arrive on Sunday and once I have
> found it I will post the location to the mailing list. I will not have access to
> this email account while at IETF but I will be subscribed to the SAAG and
> doi-discuss mailing lists with a travel account.
>
> The bar BOF is meeting to discuss a consistent definition of Domains of
> Interpretation and will also consist of discussion on the management and
> administration of DOIs as well. A conversation about this has already started on
> the DOI Discussion mailing list which can be found at the link below[1]. We hope
> to start with the definition defined in the CALIPSO draft and see what changes
> need to be made to allow it to support work being done with Labeled IPSec and
> Labeled NFS.
>
> While we are meeting to discuss DOIs, if there are additional topics relating to
> security labels feel free to notify me and I will put them on the agenda.
>
> Dave Quigley
>
>
> [1] http://mail.opensolaris.org/mailman/listinfo/doi-discuss
>
>
> _______________________________________________
> doi-discuss mailing list
> doi-discuss@opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/doi-discuss
>   

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag


From saag-bounces@ietf.org  Sat Nov 15 08:05:51 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id B9E593A6809;
	Sat, 15 Nov 2008 08:05:51 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 9B34428C0E0
	for <saag@core3.amsl.com>; Fri, 14 Nov 2008 16:21:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ys9Jkbg+RGb5 for <saag@core3.amsl.com>;
	Fri, 14 Nov 2008 16:21:56 -0800 (PST)
Received: from e33.co.us.ibm.com (e33.co.us.ibm.com [32.97.110.151])
	by core3.amsl.com (Postfix) with ESMTP id 91AFC3A67B4
	for <saag@ietf.org>; Fri, 14 Nov 2008 16:21:56 -0800 (PST)
Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com
	[9.17.195.106])
	by e33.co.us.ibm.com (8.13.1/8.13.1) with ESMTP id mAF0LSUW007885
	for <saag@ietf.org>; Fri, 14 Nov 2008 17:21:28 -0700
Received: from d03av04.boulder.ibm.com (d03av04.boulder.ibm.com [9.17.195.170])
	by d03relay04.boulder.ibm.com (8.13.8/8.13.8/NCO v9.1) with ESMTP id
	mAF0Lt50124926 for <saag@ietf.org>; Fri, 14 Nov 2008 17:21:55 -0700
Received: from d03av04.boulder.ibm.com (loopback [127.0.0.1])
	by d03av04.boulder.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	mAF0Ltg0004838 for <saag@ietf.org>; Fri, 14 Nov 2008 17:21:55 -0700
Received: from austin.ibm.com (netmail1.austin.ibm.com [9.41.248.175])
	by d03av04.boulder.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	mAF0LtYA004834; Fri, 14 Nov 2008 17:21:55 -0700
Received: from faith.austin.ibm.com (faith.austin.ibm.com [9.53.40.35])
	by austin.ibm.com (8.13.8/8.12.10) with ESMTP id mAF0Ls4j043214;
	Fri, 14 Nov 2008 18:21:54 -0600
Received: from faith.austin.ibm.com (localhost.localdomain [127.0.0.1])
	by faith.austin.ibm.com (8.14.2/8.12.8) with ESMTP id mAF001WQ001061;
	Fri, 14 Nov 2008 18:00:01 -0600
Received: (from jml@localhost)
	by faith.austin.ibm.com (8.14.2/8.14.2/Submit) id mAF000VD001060;
	Fri, 14 Nov 2008 18:00:00 -0600
X-Authentication-Warning: faith.austin.ibm.com: jml set sender to
	latten@austin.ibm.com using -f
From: Joy Latten <latten@austin.ibm.com>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
In-Reply-To: <1226702177.25837.33.camel@moss-terrapins.epoch.ncsc.mil>
References: <1226702177.25837.33.camel@moss-terrapins.epoch.ncsc.mil>
Date: Fri, 14 Nov 2008 18:00:00 -0600
Message-Id: <1226707200.2735.12.camel@faith.austin.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.12.3 (2.12.3-3.fc8) 
X-Mailman-Approved-At: Sat, 15 Nov 2008 08:05:51 -0800
Cc: doi-discuss@opensolaris.org, Nicolas.Williams@sun.com,
	Kurt.Zeilenga@Isode.com, saag@ietf.org, Jarrett.Lu@sun.com,
	hartmans-ietf@mit.edu
Subject: Re: [saag] Date and Time for Security Label Bar BOF
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

Hi David, 

I won't be at the coming IETF meeting, but I would most definitely
like to help or participate any way that I can. Please let me know 
what I can do to assist from afar. :-)

Thanks!!

regards,
Joy Latten

On Fri, 2008-11-14 at 17:36 -0500, David P. Quigley wrote:
> Hello,
> 
> For those who were interested in the Security Label Bar BOF we will be holding
> it on Wednesday in the evening after the Operations and Administration Plenary
> (roughly 8 or 8:30). I'm tentatively setting this time so if you have other
> suggestions or believe it should be earlier feel free to suggest another time. I
> will try to find a location for the BOF once I arrive on Sunday and once I have
> found it I will post the location to the mailing list. I will not have access to
> this email account while at IETF but I will be subscribed to the SAAG and
> doi-discuss mailing lists with a travel account.
> 
> The bar BOF is meeting to discuss a consistent definition of Domains of
> Interpretation and will also consist of discussion on the management and
> administration of DOIs as well. A conversation about this has already started on
> the DOI Discussion mailing list which can be found at the link below[1]. We hope
> to start with the definition defined in the CALIPSO draft and see what changes
> need to be made to allow it to support work being done with Labeled IPSec and
> Labeled NFS.
> 
> While we are meeting to discuss DOIs, if there are additional topics relating to
> security labels feel free to notify me and I will put them on the agenda.
> 
> Dave Quigley
> 
> 
> [1] http://mail.opensolaris.org/mailman/listinfo/doi-discuss
> 
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag


From saag-bounces@ietf.org  Sat Nov 15 11:31:43 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D0B833A67D1;
	Sat, 15 Nov 2008 11:31:43 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0F8063A67D1
	for <saag@core3.amsl.com>; Sat, 15 Nov 2008 11:31:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id xKz8FZWriuDx for <saag@core3.amsl.com>;
	Sat, 15 Nov 2008 11:31:41 -0800 (PST)
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.226])
	by core3.amsl.com (Postfix) with ESMTP id D398F3A6403
	for <saag@ietf.org>; Sat, 15 Nov 2008 11:31:41 -0800 (PST)
Received: by rv-out-0506.google.com with SMTP id b25so1819678rvf.49
	for <saag@ietf.org>; Sat, 15 Nov 2008 11:31:41 -0800 (PST)
Received: by 10.142.50.15 with SMTP id x15mr1067159wfx.323.1226777501397;
	Sat, 15 Nov 2008 11:31:41 -0800 (PST)
Received: by 10.142.173.16 with HTTP; Sat, 15 Nov 2008 11:31:41 -0800 (PST)
Message-ID: <678210550811151131w56123c6bib39c13bf93e4c16a@mail.gmail.com>
Date: Sat, 15 Nov 2008 14:31:41 -0500
From: "David Quigley" <quigleystravels@gmail.com>
To: "Jarrett Lu" <Jarrett.Lu@sun.com>
In-Reply-To: <491E2ABC.5000900@sun.com>
MIME-Version: 1.0
References: <1226702177.25837.33.camel@moss-terrapins.epoch.ncsc.mil>
	<491E2ABC.5000900@sun.com>
Cc: doi-discuss@opensolaris.org, Nicolas.Williams@sun.com,
	Kurt.Zeilenga@isode.com, saag@ietf.org, latten@austin.ibm.com,
	hartmans-ietf@mit.edu
Subject: Re: [saag] [doi-discuss] Date and Time for Security Label Bar BOF
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0724635108=="
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

--===============0724635108==
Content-Type: multipart/alternative; 
	boundary="----=_Part_25745_32776418.1226777501401"

------=_Part_25745_32776418.1226777501401
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

We can do Monday evening. I thought people might be a bit weary from
traveling so I pushed it to a bit later in the week. If those who have
expressed a desire to attend don't mind we can probably try for 2000
on Monday since the last session that day runs till 1930.

On Fri, Nov 14, 2008 at 8:49 PM, Jarrett Lu <Jarrett.Lu@sun.com> wrote:

> Hi,
>
> Can we do this BOF on Sunday or Monday evening? Tuesday would
> work for me, but it conflicts with the social event. I need to leave on
> Wednesday, and I would really like to be at the BOF.
>
> Thanks.
>
> Jarrett
>
>
>
> David P. Quigley wrote:
>
>> Hello,
>>
>> For those who were interested in the Security Label Bar BOF we will be
>> holding
>> it on Wednesday in the evening after the Operations and Administration
>> Plenary
>> (roughly 8 or 8:30). I'm tentatively setting this time so if you have
>> other
>> suggestions or believe it should be earlier feel free to suggest another
>> time. I
>> will try to find a location for the BOF once I arrive on Sunday and once I
>> have
>> found it I will post the location to the mailing list. I will not have
>> access to
>> this email account while at IETF but I will be subscribed to the SAAG and
>> doi-discuss mailing lists with a travel account.
>>
>> The bar BOF is meeting to discuss a consistent definition of Domains of
>> Interpretation and will also consist of discussion on the management and
>> administration of DOIs as well. A conversation about this has already
>> started on
>> the DOI Discussion mailing list which can be found at the link below[1].
>> We hope
>> to start with the definition defined in the CALIPSO draft and see what
>> changes
>> need to be made to allow it to support work being done with Labeled IPSec
>> and
>> Labeled NFS.
>>
>> While we are meeting to discuss DOIs, if there are additional topics
>> relating to
>> security labels feel free to notify me and I will put them on the agenda.
>>
>> Dave Quigley
>>
>>
>> [1] http://mail.opensolaris.org/mailman/listinfo/doi-discuss
>>
>>
>> _______________________________________________
>> doi-discuss mailing list
>> doi-discuss@opensolaris.org
>> http://mail.opensolaris.org/mailman/listinfo/doi-discuss
>>
>>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>

------=_Part_25745_32776418.1226777501401--

--===============0724635108==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

--===============0724635108==--


From saag-bounces@ietf.org  Mon Nov 17 06:16:21 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 7702E28C0F5;
	Mon, 17 Nov 2008 06:16:21 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id C825728C0E9
	for <saag@core3.amsl.com>; Mon, 17 Nov 2008 06:16:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id pmkG1w8yQBIg for <saag@core3.amsl.com>;
	Mon, 17 Nov 2008 06:16:19 -0800 (PST)
Received: from g4t0014.houston.hp.com (g4t0014.houston.hp.com [15.201.24.17])
	by core3.amsl.com (Postfix) with ESMTP id 3301F28C0FD
	for <saag@ietf.org>; Mon, 17 Nov 2008 06:16:18 -0800 (PST)
Received: from g5t0030.atlanta.hp.com (g5t0030.atlanta.hp.com [16.228.8.142])
	by g4t0014.houston.hp.com (Postfix) with ESMTP id 21C622431C;
	Mon, 17 Nov 2008 14:16:17 +0000 (UTC)
Received: from ldl.fc.hp.com (ldl.fc.hp.com [15.11.146.30])
	by g5t0030.atlanta.hp.com (Postfix) with ESMTP id 557B52400A;
	Mon, 17 Nov 2008 14:15:34 +0000 (UTC)
Received: from localhost (ldl.fc.hp.com [127.0.0.1])
	by ldl.fc.hp.com (Postfix) with ESMTP id 7C84039C017;
	Mon, 17 Nov 2008 07:15:34 -0700 (MST)
X-Virus-Scanned: Debian amavisd-new at ldl.fc.hp.com
Received: from ldl.fc.hp.com ([127.0.0.1])
	by localhost (ldl.fc.hp.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id u3vHYDIYLjmw; Mon, 17 Nov 2008 07:15:33 -0700 (MST)
Received: from flek.lan (squirrel.fc.hp.com [15.11.146.57])
	by ldl.fc.hp.com (Postfix) with ESMTP id B457D39C00D;
	Mon, 17 Nov 2008 07:15:33 -0700 (MST)
From: Paul Moore <paul.moore@hp.com>
Organization: Hewlett-Packard
To: doi-discuss@opensolaris.org
Date: Mon, 17 Nov 2008 09:15:32 -0500
User-Agent: KMail/1.9.10
References: <1226702177.25837.33.camel@moss-terrapins.epoch.ncsc.mil>
	<491E2ABC.5000900@sun.com>
	<678210550811151131w56123c6bib39c13bf93e4c16a@mail.gmail.com>
In-Reply-To: <678210550811151131w56123c6bib39c13bf93e4c16a@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200811170915.33011.paul.moore@hp.com>
Cc: Nicolas.Williams@sun.com, Kurt.Zeilenga@isode.com, saag@ietf.org,
	latten@austin.ibm.com, Jarrett Lu <Jarrett.Lu@sun.com>,
	hartmans-ietf@mit.edu
Subject: Re: [saag] [doi-discuss] Date and Time for Security Label Bar BOF
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

On Saturday 15 November 2008 2:31:41 pm David Quigley wrote:
> We can do Monday evening. I thought people might be a bit weary from
> traveling so I pushed it to a bit later in the week. If those who
> have expressed a desire to attend don't mind we can probably
> try for 2000 on Monday since the last session that day runs till
> 1930.

Unfortunately I won't be able to make it (I'm not at the IETF this 
week), if anyone manages to take notes I'd really appreciate it if they 
could post them to the list.

Thanks.

-- 
paul moore
linux @ hp
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag


From saag-bounces@ietf.org  Mon Nov 17 09:12:17 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 1DDB63A6A4E;
	Mon, 17 Nov 2008 09:12:17 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E7BA93A677D
	for <saag@core3.amsl.com>; Mon, 17 Nov 2008 09:12:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_66=0.6]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id BGENTqaf3vOi for <saag@core3.amsl.com>;
	Mon, 17 Nov 2008 09:12:14 -0800 (PST)
Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.29])
	by core3.amsl.com (Postfix) with ESMTP id AC9583A6911
	for <saag@ietf.org>; Mon, 17 Nov 2008 09:12:13 -0800 (PST)
Received: by yx-out-2324.google.com with SMTP id 8so1457224yxg.49
	for <saag@ietf.org>; Mon, 17 Nov 2008 09:12:12 -0800 (PST)
Received: by 10.142.237.20 with SMTP id k20mr2070571wfh.305.1226941931733;
	Mon, 17 Nov 2008 09:12:11 -0800 (PST)
Received: by 10.142.173.16 with HTTP; Mon, 17 Nov 2008 09:12:11 -0800 (PST)
Message-ID: <678210550811170912i67701d84o7751c4effec67a51@mail.gmail.com>
Date: Mon, 17 Nov 2008 11:12:11 -0600
From: "David Quigley" <quigleystravels@gmail.com>
To: saag@ietf.org, 73attendees@ietf.org
MIME-Version: 1.0
Subject: [saag] Security Label BOF Location and Time
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0241346969=="
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

--===============0241346969==
Content-Type: multipart/alternative; 
	boundary="----=_Part_47317_768673.1226941931720"

------=_Part_47317_768673.1226941931720
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hello,

    The Security Label Bar BOF will start by meeting in the lobby of the
Hilton at 8pm. From there we can choose one of the nearby pubs to go to. I
have a list of local restaurants/pubs from the concierge and it lists an
Irish pub (The Local) and a British pub (Brit's Pub) within two blocks of
the Hilton. If people prefer to stay at the hotel we can also use the
restaurant downstairs as well. I figure if we go to one of the pubs people
can eat there if they like or just go for drinks if they have already eaten.



Since I haven't received any other topics people wish to discuss, the agenda
at the moment contains one item (albeit a complex one).



Background:



Originally the term Security Label consisted of MLS and Integrity labels as
they were used in the Orange Book. Since then there have been other forms of
mandatory access control (MAC) and some MAC systems such as SELinux which
implement several of the forms within the same system (Domain Type
Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is
very rigid with the model being built into the operating system. In more
recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of
flexibility of policy and mechanism has made it such that even if two
systems use the same MAC model they may each possess completely different
policies. Because of this the idea of a Domain of Interpretation (DOI) has
become more important. Conceptually a DOI is a collection of systems where a
label has a consistent semantic meaning across all of those systems.
Traditionally MLS labels were represented as integers and bit fields so a
DOI in this context defined what bits corresponded to which categories and
what levels were present. In more recent systems labels are more directly
represented as strings. For example in a DTE system a label may be
httpd_content_t and two systems may possess this label but the semantics of
it may be different.



Discussion Topics:



Since several drafts exist that use security labels (CALIPSO, Labeled NFSv4)
there is a need for a consistent definition of a DOI. The CALIPSO document
has a good starting point for a definition but it is very MLS centric. In
addition to the two documents mentioned above there are also a
couple of documents floating around pertaining to labeled IPSec which also
contain a definition of DOIs. Once these make their way to the working group
there will be four documents which will have the concept of a DOI.



In this meeting I would like to see what changes need to be made to the
CALIPSO DOI definition that makes it suitable to Labeled NFS and potentially
Labeled IPSec. Once we come up with this we can draw up an initial draft of
a document outlining DOIs which these documents could use as a normative
reference. In addition to this I would also like to see a discussion on the
administration and management of the DOI space. If people with experience
handling DOIs are present it would be useful to hear some issues that have
been encountered in traditional systems.



Dave Quigley

------=_Part_47317_768673.1226941931720--

--===============0241346969==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

--===============0241346969==--


From saag-bounces@ietf.org  Mon Nov 17 09:55:00 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 657E228C158;
	Mon, 17 Nov 2008 09:55:00 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E561B28C15B
	for <saag@core3.amsl.com>; Mon, 17 Nov 2008 09:54:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_66=0.6]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id hdTsZNoSuzcr for <saag@core3.amsl.com>;
	Mon, 17 Nov 2008 09:54:58 -0800 (PST)
Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.28])
	by core3.amsl.com (Postfix) with ESMTP id 8D85D28C10E
	for <saag@ietf.org>; Mon, 17 Nov 2008 09:54:58 -0800 (PST)
Received: by yx-out-2324.google.com with SMTP id 8so1468956yxg.49
	for <saag@ietf.org>; Mon, 17 Nov 2008 09:54:57 -0800 (PST)
Received: by 10.142.165.14 with SMTP id n14mr2093123wfe.129.1226944496965;
	Mon, 17 Nov 2008 09:54:56 -0800 (PST)
Received: by 10.142.173.16 with HTTP; Mon, 17 Nov 2008 09:54:56 -0800 (PST)
Message-ID: <678210550811170954g24368876pfa8813ad41852633@mail.gmail.com>
Date: Mon, 17 Nov 2008 11:54:56 -0600
From: "David Quigley" <quigleystravels@gmail.com>
To: saag@ietf.org, 73attendees@ietf.org
In-Reply-To: <678210550811170912i67701d84o7751c4effec67a51@mail.gmail.com>
MIME-Version: 1.0
References: <678210550811170912i67701d84o7751c4effec67a51@mail.gmail.com>
Subject: Re: [saag] Security Label BOF Location and Time
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0811536108=="
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

--===============0811536108==
Content-Type: multipart/alternative; 
	boundary="----=_Part_48374_6429256.1226944496949"

------=_Part_48374_6429256.1226944496949
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Just to clarify, that is 8pm today (Monday) that we are meeting.

Dave

On Mon, Nov 17, 2008 at 11:12 AM, David Quigley
<quigleystravels@gmail.com> wrote:

> Hello,
>
>     The Security Label Bar BOF will start by meeting in the lobby of the
> Hilton at 8pm. From there we can choose one of the nearby pubs to go to. I
> have a list of local restaurants/pubs from the concierge and it lists an
> Irish pub (The Local) and a British pub (Brit's Pub) within two blocks of
> the Hilton. If people prefer to stay at the hotel we can also use the
> restaurant downstairs as well. I figure if we go to one of the pubs people
> can eat there if they like or just go for drinks if they have already eaten.
>
>
>
> Since I haven't received any other topics people wish to discuss, the agenda
> at the moment contains one item (albeit a complex one).
>
>
>
> Background:
>
>
>
> Originally the term Security Label consisted of MLS and Integrity labels as
> they were used in the Orange Book. Since then there have been other forms of
> mandatory access control (MAC) and some MAC systems such as SELinux which
> implement several of the forms within the same system (Domain Type
> Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is
> very rigid with the model being built into the operating system. In more
> recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of
> flexibility of policy and mechanism has made it such that even if two
> systems use the same MAC model they may each possess completely different
> policies. Because of this the idea of a Domain of Interpretation (DOI) has
> become more important. Conceptually a DOI is a collection of systems where a
> label has a consistent semantic meaning across all of those systems.
> Traditionally MLS labels were represented as integers and bit fields so a
> DOI in this context defined what bits corresponded to which categories and
> what levels were present. In more recent systems labels are more directly
> represented as strings. For example in a DTE system a label may be
> httpd_content_t and two systems may possess this label but the semantics of
> it may be different.
>
>
>
> Discussion Topics:
>
>
>
> Since several drafts exist that use security labels (CALIPSO, Labeled
> NFSv4) there is a need for a consistent definition of a DOI. The CALIPSO
> document has a good starting point for a definition but it is very MLS
> centric. In addition to the two documents mentioned above there are
> also a couple of documents floating around pertaining to labeled IPSec which
> also contain a definition of DOIs. Once these make their way to the working
> group there will be four documents which will have the concept of a DOI.
>
>
>
> In this meeting I would like to see what changes need to be made to the
> CALIPSO DOI definition that makes it suitable to Labeled NFS and potentially
> Labeled IPSec. Once we come up with this we can draw up an initial draft of
> a document outlining DOIs which these documents could use as a normative
> reference. In addition to this I would also like to see a discussion on the
> administration and management of the DOI space. If people with experience
> handling DOIs are present it would be useful to hear some issues that
> have been encountered in traditional systems.
>
>
>
> Dave Quigley
>

------=_Part_48374_6429256.1226944496949--

--===============0811536108==--


From saag-bounces@ietf.org  Mon Nov 17 16:53:09 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D55EC28C15B;
	Mon, 17 Nov 2008 16:53:09 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 102DD3A6A93;
	Mon, 17 Nov 2008 16:53:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.446
X-Spam-Level: 
X-Spam-Status: No, score=-5.446 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, J_CHICKENPOX_66=0.6,
	RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id HN0nBZCI9xSI; Mon, 17 Nov 2008 16:53:07 -0800 (PST)
Received: from sca-es-mail-2.sun.com (sca-es-mail-2.Sun.COM [192.18.43.133])
	by core3.amsl.com (Postfix) with ESMTP id 35E6B3A6A92;
	Mon, 17 Nov 2008 16:53:07 -0800 (PST)
Received: from fe-sfbay-10.sun.com ([192.18.43.129])
	by sca-es-mail-2.sun.com (8.13.7+Sun/8.12.9) with ESMTP id
	mAI0gxAL012021; Mon, 17 Nov 2008 16:42:59 -0800 (PST)
Received: from conversion-daemon.fe-sfbay-10.sun.com by fe-sfbay-10.sun.com
	(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
	id <0KAI002017BF2V00@fe-sfbay-10.sun.com>
	(original mail from Jarrett.Lu@Sun.COM);
	Mon, 17 Nov 2008 16:42:59 -0800 (PST)
Received: from [130.129.77.252] by fe-sfbay-10.sun.com
	(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
	with ESMTPSA id <0KAI007Q07BMYXC0@fe-sfbay-10.sun.com>; Mon,
	17 Nov 2008 16:42:59 -0800 (PST)
Date: Mon, 17 Nov 2008 16:42:58 -0800
From: Jarrett Lu <Jarrett.Lu@sun.com>
In-reply-to: <678210550811170912i67701d84o7751c4effec67a51@mail.gmail.com>
To: David Quigley <quigleystravels@gmail.com>
Message-id: <49220F92.4040905@sun.com>
MIME-version: 1.0
References: <678210550811170912i67701d84o7751c4effec67a51@mail.gmail.com>
User-Agent: Thunderbird 2.0.0.17 (X11/20081023)
Cc: 73attendees@ietf.org, saag@ietf.org
Subject: Re: [saag] [73attendees] Security Label BOF Location and Time
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

David Quigley wrote:
>
> Background:
>
>  
>
> Originally the term Security Label consisted of MLS and Integrity
> labels as they were used in the Orange Book. Since then there have
> been other forms of mandatory access control (MAC) and some MAC systems
> such as SELinux which implement several of the forms within the same
> system (Domain Type Enforcement (DTE), RBAC and MLS). In traditional
> MAC systems the policy is very rigid with the model being built into
> the operating system. In more recent MAC systems (SELinux, Trusted
> BSD, Solaris FMAC) the idea of flexibility of policy and mechanism
> has made it such that even if two systems use the same MAC model they
> may each possess completely different policies. Because of this the
> idea of a Domain of Interpretation (DOI) has become more important.
> Conceptually a DOI is a collection of systems where a label has a
> consistent semantic meaning across all of those systems. Traditionally
> MLS labels were represented as integers and bit fields so a DOI in 
> this context defined what bits corresponded to which categories and 
> what levels were present. In more recent systems labels are more 
> directly represented as strings. For example in a DTE system a label 
> may be httpd_content_t and two systems may possess this label but the 
> semantics of it may be different.
>

This is a significant departure from the DOI definition that I
understood. As you mentioned above, using the same DOI implies
all systems agree to the same label interpretation and hence enforce
the same label policies. I don't quite understand the rationale in
wanting to change that definition to accommodate DTE MAC
systems. Labels can be represented by strings or bitmaps (e.g.
CIPSO). What's important is that systems interpret the labels
the same way, and a DOI value is used to ensure that. If a label
has different meanings on different systems, what do you need a
DOI for? Just to be able to interpret a well-formed label? I'd think the
ability to interpret a label is implicit. If one doesn't recognize a
label based on label definition, the packet should be dropped.

We can discuss this some more. This post is for people who are
interested in the topic but can't attend the BOF.


Jarrett
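
Added illustration (not part of the thread or of any draft it mentions): the point made in the quoted background and in the reply above, that a label carries meaning only within its DOI and that a receiver drops what it cannot interpret, sketched in Python. The DOI numbers, level and category names, type meanings and function names are all constructed for the example.

```python
from dataclasses import dataclass


class LabelRejected(Exception):
    """The receiver cannot interpret the label, so the traffic is dropped."""


@dataclass
class MlsDoi:
    """DOI for bit-field MLS labels: fixes what each level and each bit means."""
    levels: dict       # integer level -> level name
    categories: dict   # bit position -> category name

    def interpret(self, label):
        level, bitmap = label
        if not isinstance(level, int) or not isinstance(bitmap, int) or bitmap < 0:
            raise LabelRejected("MLS label must be (level, non-negative bitmap)")
        if level not in self.levels:
            raise LabelRejected(f"level {level} is not defined in this DOI")
        names = []
        bit = 0
        while bitmap >> bit:
            if (bitmap >> bit) & 1:
                if bit not in self.categories:
                    raise LabelRejected(f"category bit {bit} is not defined in this DOI")
                names.append(self.categories[bit])
            bit += 1
        return (self.levels[level], frozenset(names))


@dataclass
class TypeDoi:
    """DOI for string (DTE-style) labels: fixes what each type name means."""
    types: dict        # type name -> meaning agreed by every system in the DOI

    def interpret(self, label):
        if label not in self.types:
            raise LabelRejected(f"type {label!r} is not defined in this DOI")
        return self.types[label]


# Constructed registry. DOIs 1 and 2 reuse the same bit positions for different
# categories; DOIs 10 and 11 reuse the same type name for different content.
REGISTRY = {
    1: MlsDoi(levels={0: "UNCLASSIFIED", 1: "CONFIDENTIAL"},
              categories={0: "HR", 1: "FINANCE"}),
    2: MlsDoi(levels={0: "PUBLIC", 1: "INTERNAL"},
              categories={0: "ENGINEERING", 1: "LEGAL"}),
    10: TypeDoi(types={"httpd_content_t": "static files, read-only to the web server"}),
    11: TypeDoi(types={"httpd_content_t": "web content including writable upload areas"}),
}


def interpret(doi, label, registry=REGISTRY):
    """Resolve (doi, label) to its meaning, or raise LabelRejected (drop)."""
    if doi not in registry:
        raise LabelRejected(f"unknown DOI {doi}")
    try:
        return doi, registry[doi].interpret(label)
    except (TypeError, ValueError) as exc:
        # Wrong label shape for this DOI, e.g. a string sent under an MLS DOI.
        raise LabelRejected(f"malformed label for DOI {doi}: {exc}") from exc


def same_meaning(a, b, registry=REGISTRY):
    """Two (doi, label) pairs agree only if the DOI and the interpretation match."""
    return interpret(*a, registry=registry) == interpret(*b, registry=registry)


if __name__ == "__main__":
    # Identical bits on the wire, different meaning depending on the DOI.
    print(interpret(1, (1, 0b11)))
    print(interpret(2, (1, 0b11)))
    # Identical string label, not interchangeable across DOIs.
    print(same_meaning((10, "httpd_content_t"), (11, "httpd_content_t")))
    # Unknown DOI, undefined category bit, and wrong label shape are all dropped.
    for doi, label in [(99, (0, 0)), (1, (0, 0b100000)), (1, "httpd_content_t")]:
        try:
            interpret(doi, label)
        except LabelRejected as why:
            print("drop:", why)
```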


From saag-bounces@ietf.org  Mon Nov 17 16:55:29 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 61F283A6AA3;
	Mon, 17 Nov 2008 16:55:29 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E6C6128C15B
	for <saag@core3.amsl.com>; Mon, 17 Nov 2008 16:55:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.298
X-Spam-Level: 
X-Spam-Status: No, score=-2.298 tagged_above=-999 required=5
	tests=[AWL=-0.300, BAYES_00=-2.599, HTML_MESSAGE=0.001,
	J_CHICKENPOX_66=0.6]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Cl0xVH1vdPqp for <saag@core3.amsl.com>;
	Mon, 17 Nov 2008 16:55:28 -0800 (PST)
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.175])
	by core3.amsl.com (Postfix) with ESMTP id E02B13A6A9C
	for <saag@ietf.org>; Mon, 17 Nov 2008 16:55:27 -0800 (PST)
Received: by wf-out-1314.google.com with SMTP id 27so3009236wfd.31
	for <saag@ietf.org>; Mon, 17 Nov 2008 16:55:27 -0800 (PST)
Received: by 10.142.161.13 with SMTP id j13mr57551wfe.123.1226969727503;
	Mon, 17 Nov 2008 16:55:27 -0800 (PST)
Received: by 10.142.173.16 with HTTP; Mon, 17 Nov 2008 16:55:27 -0800 (PST)
Message-ID: <678210550811171655m306aae7dke45c1a5536590deb@mail.gmail.com>
Date: Mon, 17 Nov 2008 18:55:27 -0600
From: "David Quigley" <quigleystravels@gmail.com>
To: "Jarrett Lu" <Jarrett.Lu@sun.com>
In-Reply-To: <49220F92.4040905@sun.com>
MIME-Version: 1.0
References: <678210550811170912i67701d84o7751c4effec67a51@mail.gmail.com>
	<49220F92.4040905@sun.com>
Cc: 73attendees@ietf.org, saag@ietf.org
Subject: Re: [saag] [73attendees] Security Label BOF Location and Time
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1855941150=="
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

--===============1855941150==
Content-Type: multipart/alternative; 
	boundary="----=_Part_55049_16851609.1226969727485"

------=_Part_55049_16851609.1226969727485
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Mon, Nov 17, 2008 at 6:42 PM, Jarrett Lu <Jarrett.Lu@sun.com> wrote:

> David Quigley wrote:
>
>>
>> Background:
>>
>>
>> Originally the term Security Label consisted of MLS and Integrity labels
>> as they were used in the Orange Book. Since then there have been other forms
>> of mandatory access control (MAC) and some MAC systems such as SELinux which
>> implement several of the forms within the same system (Domain Type
>> Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is
>> very rigid with the model being built into the operating system. In more
>> recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of
>> flexibility of policy and mechanism has made it such that even if two
>> systems use the same MAC model they may each possess completely different
>> policies. Because of this the idea of a Domain of Interpretation (DOI) has
>> become more important. Conceptually a DOI is a collection of systems where a
>> label has a consistent semantic meaning across all of those systems.
>> Traditionally MLS labels were represented as integers and bit fields so a
>> DOI in this context defined what bits corresponded to which categories and
>> what levels were present. In more recent systems labels are more directly
>> represented as strings. For example in a DTE system a label may be
>> httpd_content_t and two systems may possess this label but the semantics of
>> it may be different.
>>
>>
> This is a significant departure from the DOI definition that I
> understood. As you mentioned above, using the same DOI implies
> all systems agree to the same label interpretation and hence enforce
> the same label policies. I don't quite understand the rationale in
> wanting to change that definition to accommodate DTE MAC
> systems. Labels can be represented by strings or bitmaps (e.g.
> CIPSO). What's important is that systems interpret the labels
> the same way, and a DOI value is used to ensure that. If a label
> has different meanings on different systems, what do you need a
> DOI for? Just to be able to interpret a well-formed label? I'd think the
> ability to interpret a label is implicit. If one doesn't recognize a
> label based on label definition, the packet should be dropped.
>
> We can discuss this some more. This post is for people who are
> interested in the topic but can't attend the BOF.
>
>
> Jarrett
>


I didn't mean to imply that there was any accommodation of DTE in there. Your
definition is correct and seems to be an isomorph of what I said. There
shouldn't be anything in there that implies a particular mechanism for
labels; I was just giving some examples of the way they are currently done
for those who don't know anything about the topic. If a label has two
different meanings on two different systems it is even more important to know
what DOI it is in so you don't confuse the foreign form of that label for
the local one. Sam is going to be at the meeting and said he will be taking
notes so there should be a record posted after the meeting about what was
discussed.

Dave

------=_Part_55049_16851609.1226969727485--

--===============1855941150==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

--===============1855941150==--
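
The point made in the exchange above about a DOI, as an added example that is not part of the thread: a receiver interprets a label only relative to its DOI and rejects anything that DOI does not define, whether the label is a bit field or a string. The DOI numbers, the policies, the class and function names and the type `partner_web_ro_t` are constructed for illustration.

```python
from dataclasses import dataclass


class LabelRejected(Exception):
    """The label cannot be interpreted; the caller should drop the packet."""


@dataclass(frozen=True)
class MlsDoi:
    """Bit-field DOI: says which levels exist and which bit is which category."""
    levels: dict      # level number -> level name
    categories: dict  # bit position -> category name

    def interpret(self, wire):
        try:
            level, bitmap = wire
            bitmap = int(bitmap)
        except (TypeError, ValueError):
            raise LabelRejected("malformed MLS label") from None
        if level not in self.levels:
            raise LabelRejected(f"level {level} not defined in this DOI")
        known = sum(1 << bit for bit in self.categories)
        if bitmap < 0 or bitmap & ~known:
            raise LabelRejected("category bits not defined in this DOI")
        cats = sorted(n for bit, n in self.categories.items() if (bitmap >> bit) & 1)
        return (self.levels[level], tuple(cats))


@dataclass(frozen=True)
class StringDoi:
    """String-label DOI (e.g. DTE types): maps a peer's type name to a local one."""
    to_local: dict

    def interpret(self, wire):
        if not isinstance(wire, str) or wire not in self.to_local:
            raise LabelRejected(f"type {wire!r} not defined in this DOI")
        return self.to_local[wire]


# Constructed DOI table. DOIs 1 and 2 assign different meanings to the same
# bits; DOIs 10 and 11 assign different meanings to the same string.
DOI_TABLE = {
    1: MlsDoi({0: "unclassified", 1: "secret"}, {0: "alpha", 1: "bravo"}),
    2: MlsDoi({0: "public", 1: "internal"}, {0: "hr", 1: "finance"}),
    10: StringDoi({"httpd_content_t": "httpd_content_t"}),   # local policy
    11: StringDoi({"httpd_content_t": "partner_web_ro_t"}),  # foreign policy
}


def interpret_label(doi, wire):
    """Return the local meaning of (doi, wire) or raise LabelRejected."""
    if doi not in DOI_TABLE:
        raise LabelRejected(f"unknown DOI {doi}")
    return DOI_TABLE[doi].interpret(wire)


if __name__ == "__main__":
    for doi, wire in [(1, (1, 0b01)), (2, (1, 0b01)),
                      (10, "httpd_content_t"), (11, "httpd_content_t"),
                      (99, (0, 0)), (1, (1, 0b100))]:
        try:
            print(doi, wire, "->", interpret_label(doi, wire))
        except LabelRejected as exc:
            print(doi, wire, "-> drop:", exc)
```
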


From saag-bounces@ietf.org  Wed Nov 19 08:57:17 2008
Message-ID: <49244561.7060308@ltsnet.net>
Date: Wed, 19 Nov 2008 11:57:05 -0500
From: Charles Clancy <clancy@ltsnet.net>
User-Agent: Thunderbird 2.0.0.17 (X11/20080925)
MIME-Version: 1.0
To: saag@ietf.org
Subject: [saag] HOKEY Meeting Summary

SAAG,

HOKEY met on Wednesday morning at 0900.  Since the last IETF meeting, 
the ERX and EMKSK Key Hierarchy documents have been published as RFCs, 
and work has progressed on consolidating the Key Management documents, 
which now represents the WG consensus.

At the meeting, we discussed advancing the Preauth Problem Statement 
document to the IETF (which will be occurring in short order), and 
continued edits of the Key Management document (cleaning up and 
simplifying terminology and text).

Between now and the next IETF meeting, the group plans to complete the 
Key Management document and discuss possible topics for rechartering.

--
t. charles clancy, ph.d.                 eng.umd.edu/~tcc
electrical & computer engineering, university of maryland


From saag-bounces@ietf.org  Wed Nov 19 14:34:43 2008
Mime-Version: 1.0
Message-Id: <p06240806c54a42d04552@[130.129.94.237]>
Date: Wed, 19 Nov 2008 16:34:33 -0600
To: saag@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: [saag] ipsecme WG report

The ipsecme WG met for its full 2.5 hours Tuesday morning, 2008-11-18. The first draft of our probably-to-be-renamed roadmap document will be out soon, listing all the RFCs of interest to IPsec. The session resumption protocol was presented, and there was a good discussion about ticket size and content, as well as whether this should be done using a new exchange or as optional payloads in the current structure. The IPv6 configuration document was presented, and there are questions about whether this document should cover just remote access configuration or also all of IPv6, given that there are some problems with IPv6 coverage in the IKEv2bis document; NATs reared their ugly heads again as well. The ESP NULL traffic visibility document generated a fair amount of discussion, again, on whether it is needed and whether a wrapper is the right way to do this. The redirect document got very little comment, and may be the first to escape the WG. There was a detailed presentation on RoHC and IPsec because the relevant documents are in WG last call in that WG. The IKEv2bis open issue list was attacked, and there was in-room agreement on the nine issues we dealt with before we ran out of time.

--Paul Hoffman, Director
--VPN Consortium


From saag-bounces@ietf.org  Wed Nov 19 16:43:16 2008
Date: Wed, 19 Nov 2008 18:44:14 -0600
From: Tim Polk <tim.polk@nist.gov>
To: saag@ietf.org, cfrg@ietf.org
Message-id: <3E7B31BE-920D-4C79-9FF4-BCB07309AF43@nist.gov>
MIME-version: 1.0 (Apple Message framework v753.1)
X-Mailer: Apple Mail (2.753.1)
Subject: [saag] NIST requests public comments on revision of FIPS 186-3 (DSS)

Folks,

I thought that SAAG and CFRG members might be interested in the
following announcement:

> As stated in the November 12, 2008 Federal Register Notice, NIST  
> requests final comments on draft FIPS 186-3, the proposed revision  
> of FIPS 186-2, the Digital Signature Standard. The draft defines  
> methods for digital signature generation that can be used for the  
> protection of messages, and for the verification and validation of  
> those digital signatures using DSA, RSA and ECDSA. Please submit  
> comments to ebarker@nist.gov with "Comments on Draft 186-3" in the  
> subject line. The comment period closes on December 19, 2008.
>

Most significantly, this document (if approved) will provide a  
standard reference for the Digital Signature Algorithm (DSA) with  
larger key sizes.  FIPS 186-2 limited DSA keys to 1024 bits.

The Federal Register Notice is available at

      http://csrc.nist.gov/fedreg/FRN_Nov12-2008_Vol73No219_FIPS186-3.pdf

and the draft FIPS is available at

      http://csrc.nist.gov/publications/drafts/fips_186-3/Draft_FIPS-186-3%20_November2008.pdf

Any comments would be appreciated. Note the deadline of December 19,  
2008.  NIST hopes to resolve all public comments expeditiously, so  
this should be considered a hard deadline.

Thanks,

Tim Polk







From saag-bounces@ietf.org  Wed Nov 19 16:55:00 2008
Date: Wed, 19 Nov 2008 18:55:52 -0600
From: Tim Polk <tim.polk@nist.gov>
In-reply-to: <3E7B31BE-920D-4C79-9FF4-BCB07309AF43@nist.gov>
To: saag@ietf.org, cfrg@ietf.org
Message-id: <4EA8DEF3-DC7F-40FF-B7ED-AFBD22543316@nist.gov>
MIME-version: 1.0 (Apple Message framework v753.1)
X-Mailer: Apple Mail (2.753.1)
References: <3E7B31BE-920D-4C79-9FF4-BCB07309AF43@nist.gov>
Subject: [saag] Correction Re: NIST requests public comments on revision of
 FIPS 186-3 (DSS)

Folks,

I just realized the website I was quoting from was *wrong*.  The  
deadline for comments specified in the Federal Register Notice is  
December 12, 2008 rather than the 19th.  That is the normative  
reference, and it is still a hard deadline.

I have emailed the NIST webmaster to get things fixed ASAP.  My  
apologies for any confusion.

My apologies.

Thanks,

Tim Polk

On Nov 19, 2008, at 6:44 PM, Tim Polk wrote:

> Folks,
>
> I thought that SAAG and CFRG members might be interested in the
> following announcement:
>
>> As stated in the November 12, 2008 Federal Register Notice, NIST  
>> requests final comments on draft FIPS 186-3, the proposed revision  
>> of FIPS 186-2, the Digital Signature Standard. The draft defines  
>> methods for digital signature generation that can be used for the  
>> protection of messages, and for the verification and validation of  
>> those digital signatures using DSA, RSA and ECDSA. Please submit  
>> comments to ebarker@nist.gov with "Comments on Draft 186-3" in the  
>> subject line. The comment period closes on December 19, 2008.
>>
>
> Most significantly, this document (if approved) will provide a  
> standard reference for the Digital Signature Algorithm (DSA) with  
> larger key sizes.  FIPS 186-2 limited DSA keys to 1024 bits.
>
> The Federal Register Notice is available at
>
>      http://csrc.nist.gov/fedreg/FRN_Nov12-2008_Vol73No219_FIPS186-3.pdf
>
> and the draft FIPS is available at
>
>      http://csrc.nist.gov/publications/drafts/fips_186-3/Draft_FIPS-186-3%20_November2008.pdf
>
> Any comments would be appreciated. Note the deadline of December  
> 19, 2008.  NIST hopes to resolve all public comments expeditiously,  
> so this should be considered a hard deadline.
>
> Thanks,
>
> Tim Polk
>
>
>
>
>



From saag-bounces@ietf.org  Wed Nov 19 20:50:26 2008
MIME-Version: 1.0
Date: Wed, 19 Nov 2008 23:48:10 -0500
Message-ID: <A6398B0DB62A474C82F61554EE937287069F03D2@proton.jnpr.net>
From: "Stephen Hanna" <shanna@juniper.net>
To: <saag@ietf.org>
Subject: [saag] nea WG report

The nea WG met for 2 hours on Wednesday afternoon, 2008-11-19.
We reviewed the changes made in the -02 versions of PA-TNC and
PB-TNC. Then we moved on to a discussion of the last open issues
left on these specs. We reviewed a list of posture attributes
found in a recent survey of NAC products. Most are covered by
the attributes already in PA-TNC. Others will be considered
on the mailing list. A problem with the PB-TNC state machine
was pointed out and a solution presented. Assertion attributes
have not been specified yet. Since the PA-TNC and PB-TNC specs
are otherwise almost ready for WGLC, they may be moved to a
separate draft. We talked about IANA Considerations for our
current drafts. There was consensus in the room to move to
Specification Required with Expert Review. Finally, we looked
at moving our milestones back by four months to reflect the
current status of our documents. We hope to send the docs
for WGLC in January 2009 and IETF LC in April 2009. We may
then turn our attention to Assertion Attributes and PT,
the NEA transport protocol.


From saag-bounces@ietf.org  Thu Nov 20 06:08:55 2008
Mime-Version: 1.0
Message-Id: <p0624080cc54b1f74c651@[130.129.94.237]>
In-Reply-To: <3E7B31BE-920D-4C79-9FF4-BCB07309AF43@nist.gov>
References: <3E7B31BE-920D-4C79-9FF4-BCB07309AF43@nist.gov>
Date: Thu, 20 Nov 2008 08:08:41 -0600
To: Tim Polk <tim.polk@nist.gov>, saag@ietf.org, cfrg@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [saag] NIST requests public comments on revision of FIPS 186-3
 (DSS)

At 6:44 PM -0600 11/19/08, Tim Polk wrote:
>Most significantly, this document (if approved) will provide a standard reference for the Digital Signature Algorithm (DSA) with larger key sizes.  FIPS 186-2 limited DSA keys to 1024 bits.

Some might disagree with "most significantly". In addition to what you said, Draft FIPS 186-3 also has added two new formats for RSA signatures. Those should probably be reviewed more heavily in our community than the obvious change above.

--Paul Hoffman, Director
--VPN Consortium


From saag-bounces@ietf.org  Thu Nov 20 07:15:11 2008
Message-ID: <49257EFA.6030304@deployingradius.com>
Date: Thu, 20 Nov 2008 09:15:06 -0600
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.17 (Macintosh/20080914)
MIME-Version: 1.0
To: saag@ietf.org
X-Enigmail-Version: 0.95.7
Subject: [saag] EMU WG report

  The EMU WG met for 2 hours on Monday morning.

  We discussed the EAP-GPSK draft.  It has a few comments and open
issues that will be addressed before IESG review finishes.

  There was a fair bit of discussion around the tunnel method
requirements draft.  There may be fewer requirements on emergency
services, as current experience in Germany appears to indicate that the
services are abused, and may be simply disabled.  Other issues were
discussed, and we will ask the WG for consensus on a few issues.  We
will also CC NEA on the WG last call so that they can provide comments.

  We had a presentation on EAP channel bindings.  After some review, the
opinion of the room was that the document should be accepted as a WG
work item.  We have opened a call for consensus on the list to confirm
the room consensus.

  We had a long discussion on RFC 4282 and internationalization.
Existing implementations do not follow the directions of RFC 4282, some
of which might be wrong.  There were major concerns expressed about
re-doing i18n issues.  This work will likely not be an EMU work item,
but it may affect the WG.

  Alan DeKok.


From saag-bounces@ietf.org  Thu Nov 20 08:32:56 2008
Message-ID: <49259141.9040808@googlemail.com>
Date: Thu, 20 Nov 2008 17:33:05 +0100
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: saag@ietf.org
From: Julien Laganier <julien.laganier.ietf@googlemail.com>
Subject: [saag] BTNS report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

The BTNS WG did not meet this IETF. However, here is a status update I
think is worth mentioning:

- Two RFCs were published:

    o RFC 5386: Better-Than-Nothing-Security: An Unauthenticated Mode
                of IPsec

    o RFC 5387: Problem and Applicability Statement for Better Than
                Nothing Security (BTNS)

- The "IPsec Channels: Connection Latching" I-D has been submitted to
   IESG for publication as proposed standard.

- No progress was made on API documents.

--julien


From saag-bounces@ietf.org  Thu Nov 20 11:08:14 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 3300B3A6A3B;
	Thu, 20 Nov 2008 11:08:14 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E18343A6A3B
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 11:08:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yMITFj2deHGm for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 11:08:12 -0800 (PST)
Received: from sj-iport-3.cisco.com (sj-iport-3.cisco.com [171.71.176.72])
	by core3.amsl.com (Postfix) with ESMTP id 013B03A69DC
	for <saag@ietf.org>; Thu, 20 Nov 2008 11:08:11 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.33,639,1220227200"; d="scan'208";a="117595630"
Received: from sj-dkim-2.cisco.com ([171.71.179.186])
	by sj-iport-3.cisco.com with ESMTP; 20 Nov 2008 19:08:11 +0000
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237])
	by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id mAKJ8AjX030048
	for <saag@ietf.org>; Thu, 20 Nov 2008 11:08:11 -0800
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com
	[171.70.151.144])
	by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id mAKJ8AXW012357
	for <saag@ietf.org>; Thu, 20 Nov 2008 19:08:10 GMT
Received: from xmb-sjc-225.amer.cisco.com ([128.107.191.38]) by
	xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 20 Nov 2008 11:08:10 -0800
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 20 Nov 2008 11:07:48 -0800
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE506EFF330@xmb-sjc-225.amer.cisco.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: IETF 73 TLS working group summary
Thread-Index: AclLQ0c/TzSy9iQUR8m3dOsg92GQAA==
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: <saag@ietf.org>
X-OriginalArrivalTime: 20 Nov 2008 19:08:10.0696 (UTC)
	FILETIME=[545BBC80:01C94B43]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=542; t=1227208091; x=1228072091;
	c=relaxed/simple; s=sjdkim2002;
	h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;
	d=cisco.com; i=jsalowey@cisco.com;
	z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey@ci
	sco.com>
	|Subject:=20IETF=2073=20TLS=20working=20group=20summary
	|Sender:=20; bh=3ZyQkGK4etRGoHsLF/WnVPC4dGlygJiUhnikj1kf5Kc=;
	b=fIzr0TCVRTSUe0U4HUD5eExkk2l7+GPZi2bMHjBLDc/TZqeaUhdUH6mtJv
	kCTwya2qE6D3A4lvstLKFQuDd/v3g8TzptfZ3SG1MNos1+1p3qDhIziivT3Z
	hZqUmjqBht;
Authentication-Results: sj-dkim-2; header.From=jsalowey@cisco.com; dkim=pass (
	sig from cisco.com/sjdkim2002 verified; ); 
Subject: [saag] IETF 73 TLS working group summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

TLS met on Thursday morning.  We have several cipher suite related
drafts that are making their way through the IESG.  We made progress on
resolving open issues with TLS Extensions and a new draft will be
published soon.  TLS extractor is in working group last call and will be
renamed to avoid conflict with existing terminology in the cryptographic
community.  We are continuing work on DTLS 1.2.  If people implementing
DTLS in various protocols run into issues that need clarifications
please let the TLS list or chairs know.  


From saag-bounces@ietf.org  Thu Nov 20 11:23:14 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0128E3A6898;
	Thu, 20 Nov 2008 11:23:14 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 62D313A6867
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 07:13:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level: 
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id e1UtvkJ4LeHY for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 07:13:25 -0800 (PST)
Received: from brmea-mail-1.sun.com (brmea-mail-1.Sun.COM [192.18.98.31])
	by core3.amsl.com (Postfix) with ESMTP id 7C91F3A67DB
	for <saag@ietf.org>; Thu, 20 Nov 2008 07:13:25 -0800 (PST)
Received: from fe-amer-09.sun.com ([192.18.109.79])
	by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id
	mAKFDNDt024494 for <saag@ietf.org>; Thu, 20 Nov 2008 15:13:24 GMT
Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com
	(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
	id <0KAN006010TMRA00@mail-amer.sun.com>
	(original mail from Shawn.Emery@Sun.COM) for saag@ietf.org; Thu,
	20 Nov 2008 08:13:23 -0700 (MST)
Received: from shawn-emerys-computer.local ([129.150.32.40])
	by mail-amer.sun.com
	(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
	with ESMTPSA id <0KAN00CJX0Y7LXD0@mail-amer.sun.com> for saag@ietf.org;
	Thu, 20 Nov 2008 08:13:20 -0700 (MST)
Date: Thu, 20 Nov 2008 08:09:04 -0700
From: "Shawn M. Emery" <Shawn.Emery@Sun.COM>
To: saag@ietf.org
Message-id: <49257D90.6090302@sun.com>
MIME-version: 1.0
User-Agent: Thunderbird 2.0.0.17 (Macintosh/20080914)
X-Mailman-Approved-At: Thu, 20 Nov 2008 11:23:13 -0800
Subject: [saag] IETF 73 Kitten Working Group Summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org


The kitten-wg met Tuesday, 11/18/08, during afternoon session three.

Co-chairs: Alexey Melnikov and Shawn Emery

The goals of the meeting were to go over the active working items, two
individual submissions, and Milestones.

gssapi-extensions-iana
----------------------------
Needs cleanup of idnits before PROTO-writeup.

gssapi-channel-bindings
------------------------------
ASN.1 nit sent to AD.
GenART-comment to clarify document and discuss history, will be addressed.

extended-mech-inquiry
-----------------------------
WGLC expires first week December.
Comment by Love; memory management concern with respect to buffer and
oid sets.
Co-Chairs will follow-up issue with Nico.

gssapi-naming-exts
-------------------------
Editor will post questions to the mailing list:
Should we keep the mapping flag?
Is there a need for a negative attribute?
How should we register OIDs?

gssapi-store-cred
---------------------
Will start WGLC in the first week in December after idnits are taken
care of.

rfc2853bis
-------------
Member brought up WGLC comment that was determined out of scope of JGSS,
but should be handled by JAAS. No IETF standard for JAAS, ergo Sun will
be contacted.
No blocking comments and will start PROTO-writeup for this now.

draft-lha-gssapi-delegate-policy
---------------------------------------
Love Astrand created an individual submission that defines a new flag to
honor delegation policy (ok-as-delegate in krb svc tickets) for
init/accept context.
Will submit for WGLC, PROTO-writeup, and for AD to take as an individual
submission.

draft-zhu-negoex
---------------------
Larry Zhu gave an update on his individual submission on Extended
GSS-API Negotiation Mechanism (NEGOEX). There were issues brought up
during the WG session involving the encoding of the protocol C-structure
(little endian) vs ASN.1, XDR. The more debated issue was the MIC
derived from RFC3961 cksum, which is mech specific. Issues will be
addressed on the list.

draft-johansson-http-gss
------------------------------
Leif Johansson presented updates to his draft and was looking for
feed-back from the WG.

Charter/Milestones
-----------------------
No need to recharter as Love's draft will remain an individual submission.

New milestones:
WGLC gssapi-store-cred 12/08 (Orig 12/07)
WGLC gssapi-naming-exts 02/09 (Orig 11/07)

Shawn and Alexey.
--


From saag-bounces@ietf.org  Thu Nov 20 12:21:28 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 3F0513A68F7;
	Thu, 20 Nov 2008 12:21:28 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 111E63A68F7
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 12:21:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.266
X-Spam-Level: 
X-Spam-Status: No, score=-3.266 tagged_above=-999 required=5
	tests=[AWL=-0.667, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id s4tKKnwccM+P for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 12:21:26 -0800 (PST)
Received: from smtp106.biz.mail.mud.yahoo.com (smtp106.biz.mail.mud.yahoo.com
	[68.142.200.254])
	by core3.amsl.com (Postfix) with SMTP id 2CBF53A685E
	for <saag@ietf.org>; Thu, 20 Nov 2008 12:21:26 -0800 (PST)
Received: (qmail 53390 invoked from network); 20 Nov 2008 20:21:25 -0000
Received: from unknown (HELO Wylie) (turners@130.129.29.26 with login)
	by smtp106.biz.mail.mud.yahoo.com with SMTP; 20 Nov 2008 20:21:24 -0000
X-YMail-OSG: Tz1z1EEVM1ntg08O1REKkxXVSSFfRnvbQSUiIfaJ0R_.YJYG73VJj8WyyPAr0H5HNQLI8qwUDLkq_AICuJ8xCeeW0FQSZ8QkXbdJhr_CtLWYok3BvoP6Gy1MHUCeVWtlnfdZSRVXIKEYoUzI3nJtxgz9zpO56XABGqIlRFgf
X-Yahoo-Newman-Property: ymail-3
From: "Turner, Sean P." <turners@ieca.com>
To: <saag@ietf.org>
Date: Thu, 20 Nov 2008 14:21:00 -0600
Organization: IECA, Inc.
Message-ID: <9BFE44D0418F4AAC867FCC0EA788AF77@Wylie>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 11
thread-index: AclLTYDHhsZq23inRyikO5V9XCkIJw==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Subject: [saag] SMIME WG summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

The SMIME WG did not meet at IETF 73.  The SMIME WG has 9 IDs.  Here is
the status of those IDs:

In RFC Editors Queue:

- draft-ietf-smime-multisig: Pinned on draft-ietf-smime-3850bis &
                             draft-ietf-smime-3850bis IDs.
- draft-ietf-smime-ibearch: In EDIT state.
- draft-ietf-smime-bfibecms: In EDIT state.

With AD (status: Passed IETF LC)
- draft-ietf-smime-3850bis: Awaiting GEN-ART comments
- draft-ietf-smime-3851bis: Addressed IETF LC comments. 
                            Will publish when GEN-ART comments on
                            draft-ietf-smime-3850bis are addressed.

With AD (status: In 2nd IETF LC):
- draft-ietf-smime-sha2: No comments so far.

With AD (status: Awaiting new ID from authors):
- draft-ietf-smime-rfc3278-update: Addressing WG LC comments.
                                   New version published shortly after
                                   meeting.  Expected to go to WG LC.
- draft-ietf-smime-cms-rsa-kem: A new version was posted, but another
                                is needed to address Steve Kent's
                                SECDIR comments.

With WG
- draft-ietf-smime-new-asn1: This ID updates many/most of the ASN.1
     modules in the S/MIME WG to the '02 ASN.1.  The authors want
     reviewers.  It is expected that the ID will be ready for WG LC
     in December '08.

spt





From saag-bounces@ietf.org  Thu Nov 20 12:34:34 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id DA2FA3A69D8;
	Thu, 20 Nov 2008 12:34:34 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id B350F3A6939
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 12:34:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.599
X-Spam-Level: 
X-Spam-Status: No, score=-4.599 tagged_above=-999 required=5 tests=[AWL=2.000, 
	BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yxc2FZsK+wHk for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 12:34:31 -0800 (PST)
Received: from jackfruit.srv.cs.cmu.edu (JACKFRUIT.SRV.CS.CMU.EDU
	[128.2.201.16]) by core3.amsl.com (Postfix) with ESMTP id 317633A677D
	for <saag@ietf.org>; Thu, 20 Nov 2008 12:34:31 -0800 (PST)
Received: from [130.129.77.217] ([130.129.95.187]) (authenticated bits=0)
	by jackfruit.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id
	mAKKYQwn019436
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 20 Nov 2008 15:34:27 -0500 (EST)
Date: Thu, 20 Nov 2008 14:34:26 -0600
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: ietf-krb-wg@anl.gov, saag@ietf.org
Message-ID: <FEE8AFAE90DB6E8A86016133@atlantis.pc.cs.cmu.edu>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Disposition: inline
X-Scanned-By: mimedefang-cmuscs on 128.2.201.16
Subject: [saag] Kerberos WG IETF73 meeting summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

From saag-bounces@ietf.org  Thu Nov 20 13:00:22 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 7FE5A3A6A38;
	Thu, 20 Nov 2008 13:00:22 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0FA2D3A6A38
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 13:00:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id XFwWnBa2Fd4k for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 13:00:20 -0800 (PST)
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU
	[18.7.7.80]) by core3.amsl.com (Postfix) with ESMTP id 2678A3A6984
	for <saag@ietf.org>; Thu, 20 Nov 2008 13:00:20 -0800 (PST)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103])
	by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id
	mAKL0Dqt009776; Thu, 20 Nov 2008 16:00:14 -0500 (EST)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU
	[18.18.1.96]) (authenticated bits=56)
	(User authenticated as tlyu@ATHENA.MIT.EDU)
	by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id mAKL09bZ013579
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 20 Nov 2008 16:00:12 -0500 (EST)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308)
	id mAKL09el006114; Thu, 20 Nov 2008 16:00:09 -0500 (EST)
To: saag@ietf.org, ietf-sasl@imc.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Thu, 20 Nov 2008 16:00:09 -0500
Message-ID: <ldv7i6yun8m.fsf@cathode-dark-space.mit.edu>
Lines: 44
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.42
Subject: [saag] IETF73 SASL WG summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

Simple Authentication And Security Layer (SASL)
IETF73, Minneapolis, MN

Tuesday, November 18, 2008 at 1520-1720
=======================================

Chairs:

Tom Yu <tlyu@mit.edu>
Kurt Zeilenga <kurt.zeilenga@isode.com>

====================

Alexey Melnikov talks about SCRAM, describing resolved issues.
Discussion about modified GS2 framing for easier (non-GSS)
implementation of SCRAM.  Sam Hartman previously gave three possible
alternatives.  Several opinions that option 3 is best; no objections.
Suggestion to prepare examples of GS2+krb5 and GS2+SCRAM to help
readers understand the encoding.

Kurt has submitted an I-D (this morning!) proposing moving CRAM-MD5 to
Historic status, and updating its IANA registry entry to "OBSOLETE".
The intent is to abandon current WG document draft-ietf-sasl-crammd5.
Strong opinions that Kurt's document be held from publication until
SCRAM is published; no objections.  General agreement that the IANA
registry entry for "usage" should remain "LIMITED" and contain
references to both 2195 and Kurt's document.

Kurt talks about 4422bis.  Some discussion about normative downrefs.

Action items:

* Tom - WGLC Kurt's CRAM-MD5-to-historic document
* Alexey, Sam, et al. - update docs for GS2 encoding (and SCRAM)
* implementors - help write GS2 encoding examples

Milestones:

Nov 08 - Initial RFC4422 impl. report
Nov 08 - Reach consensus on CRAM-MD5 successor approach (and update
         milestones accordingly)
Dec 08 - WGLC RFC4422bis and implementation report I-D
Jan 09 - WGLC DIGEST-MD5 replacement I-D
Jan 09 - WGLC GS2 I-D


From saag-bounces@ietf.org  Thu Nov 20 13:17:30 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4A72928C26A;
	Thu, 20 Nov 2008 13:17:30 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 402363A68C5;
	Thu, 20 Nov 2008 13:17:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level: 
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5
	tests=[AWL=-0.620, BAYES_00=-2.599, SARE_LWSHORTT=1.24]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 8SHUdM6qz2Rz; Thu, 20 Nov 2008 13:17:28 -0800 (PST)
Received: from vms173005pub.verizon.net (vms173005pub.verizon.net
	[206.46.173.5])
	by core3.amsl.com (Postfix) with ESMTP id 9F36A28C269;
	Thu, 20 Nov 2008 13:17:27 -0800 (PST)
Received: from [130.129.31.126] by vms173005.mailsrvcs.net
	(Sun Java System Messaging Server 6.2-6.01 (built Apr  3 2006))
	with ESMTPA id <0KAN00AD7HSRLZ12@vms173005.mailsrvcs.net>; Thu,
	20 Nov 2008 15:17:15 -0600 (CST)
Date: Thu, 20 Nov 2008 15:17:13 -0600
From: Tim Polk <tim.polk@nist.gov>
In-reply-to: <p0624080cc54b1f74c651@[130.129.94.237]>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Message-id: <C2A6E820-2ECA-480B-8FA0-86C0B27CD4B4@nist.gov>
MIME-version: 1.0 (Apple Message framework v753.1)
X-Mailer: Apple Mail (2.753.1)
References: <3E7B31BE-920D-4C79-9FF4-BCB07309AF43@nist.gov>
	<p0624080cc54b1f74c651@[130.129.94.237]>
Cc: cfrg@ietf.org, saag@ietf.org
Subject: Re: [saag] NIST requests public comments on revision of FIPS 186-3
 (DSS)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

Paul,

Thanks for the reminder.  I was thinking of 2048 bit DSA as  
particularly significant since it is blocking progression of some  
security area documents.  Thinking short term, I'm afraid.

Thanks,

Tim

On Nov 20, 2008, at 8:08 AM, Paul Hoffman wrote:

> At 6:44 PM -0600 11/19/08, Tim Polk wrote:
>> Most significantly, this document (if approved) will provide a  
>> standard reference for the Digital Signature Algorithm (DSA) with  
>> larger key sizes.  FIPS 186-2 limited DSA keys to 1024 bits.
>
> Some might disagree with "most significantly". In addition to what  
> you said, Draft FIPS 186-3 also has added two new formats for RSA  
> signatures. Those should probably be reviewed more heavily in our  
> community than the obvious change above.
>
> --Paul Hoffman, Director
> --VPN Consortium



From saag-bounces@ietf.org  Thu Nov 20 13:36:09 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id CD20828C0FA;
	Thu, 20 Nov 2008 13:36:09 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id EDB7328C0FA
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 13:36:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.532
X-Spam-Level: 
X-Spam-Status: No, score=-4.532 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id VfJWhQBTkBKj for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 13:36:08 -0800 (PST)
Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.141])
	by core3.amsl.com (Postfix) with ESMTP id 1ECD83A6831
	for <saag@ietf.org>; Thu, 20 Nov 2008 13:36:08 -0800 (PST)
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234])
	by e1.ny.us.ibm.com (8.13.1/8.13.1) with ESMTP id mAKLZosx015132
	for <saag@ietf.org>; Thu, 20 Nov 2008 16:35:50 -0500
Received: from d01av02.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216])
	by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v9.1) with ESMTP id
	mAKLa61G189932 for <saag@ietf.org>; Thu, 20 Nov 2008 16:36:06 -0500
Received: from d01av02.pok.ibm.com (loopback [127.0.0.1])
	by d01av02.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	mAKLZkUH009829 for <saag@ietf.org>; Thu, 20 Nov 2008 16:35:46 -0500
Received: from poplar (poplar.watson.ibm.com [9.2.24.140])
	by d01av02.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	mAKLZk7R009811; Thu, 20 Nov 2008 16:35:46 -0500
Received: from 9.12.243.15:54751 ([9.12.243.15])
	by poplar.watson.ibm.com (IMF.2005.07.16.1050.haw)
	with SMTP ID IMFd1227216964.499; Thu, 20 Nov 2008 16:36:04 -0400
Date: Thu, 20 Nov 2008 16:35:59 -0500
From: Barry Leiba <leiba@watson.ibm.com>
To: saag@ietf.org
Message-ID: <A07DE31DAC4F63EE86A05CFB@Uranus.local>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Disposition: inline
Cc: dkim-chairs@tools.ietf.org
Subject: [saag] DKIM IETF 73 meeting summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

The DKIM working group met on Thursday, 20 November 2008, with 39 attendees.

Document status: there are three documents left to finish.  Two -- ADSP and 
"Overview" -- are with the IESG, and the third -- "Deployment" -- is much of the 
way toward finishing.  We had a review of the new document structure of 
Deployment, which highlighted some questions about which the authors are looking 
for input (ideas, preferably with suggested text).  We reviewed three unresolved 
issues with errata for RFC 4871 (DKIM base spec).  And then we looked toward the 
future...

We had three brief presentations of topics that the working group might adopt 
with a re-charter.  It seems unlikely that the group will actually take any of 
them on, and that they'll proceed, if at all, as individual submissions.

We spent a good bit of time at the end of the meeting discussing the idea of 
developing standards for domain reputation services -- something that DKIM 
enables for email, but which is not limited to DKIM nor email.  The consensus is 
that there is not enough interest nor clarity within the (small) community of 
reputation-service providers to support a standards effort now (or soon).

It is likely that DKIM will not meet in San Francisco, and might actually be 
ready to close by then.

Barry Leiba, DKIM co-chair



From saag-bounces@ietf.org  Thu Nov 20 14:28:09 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 2A4973A6876;
	Thu, 20 Nov 2008 14:28:09 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 362DA3A6876
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 14:28:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5
	tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id O1rk59fRpTaE for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 14:28:06 -0800 (PST)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com
	[199.106.114.251])
	by core3.amsl.com (Postfix) with ESMTP id 577E53A677D
	for <saag@ietf.org>; Thu, 20 Nov 2008 14:28:06 -0800 (PST)
X-IronPort-AV: E=McAfee;i="5100,188,5440"; a="13320688"
Received: from pdmz-ns-mip.qualcomm.com (HELO ithilien.qualcomm.com)
	([199.106.114.10])
	by wolverine02.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA;
	20 Nov 2008 14:28:05 -0800
Received: from msgtransport01.qualcomm.com (msgtransport01.qualcomm.com
	[129.46.61.148])
	by ithilien.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id
	mAKMS4NH021275
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
	for <saag@ietf.org>; Thu, 20 Nov 2008 14:28:05 -0800
Received: from [10.50.76.55] (qconnect-10-50-76-55.qualcomm.com [10.50.76.55])
	by msgtransport01.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id
	mAKMS3BU022359
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <saag@ietf.org>; Thu, 20 Nov 2008 14:28:04 -0800
Message-ID: <4925E472.9020508@qualcomm.com>
Date: Thu, 20 Nov 2008 14:28:02 -0800
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: saag@ietf.org
Subject: [saag] Soapbox: I no longer like WG updates being read at the mike
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

I figured I will get started early on my soapbox.  I think it is a waste 
of everyone's time to have WG updates read at the mike.  I do like the 
practice of reports being sent to the list so we all know what is going 
on.  If any of them happen to generate traffic or if there are special 
issues, it might be worthwhile to include a slot on a case by case basis.

thanks,
Lakshminath


From saag-bounces@ietf.org  Thu Nov 20 14:33:00 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 8D7B93A68F1;
	Thu, 20 Nov 2008 14:33:00 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 3B4113A68F1
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 14:32:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.495
X-Spam-Level: 
X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, 
	RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id DQ3Qfi6aBKsU for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 14:32:58 -0800 (PST)
Received: from kilo.rtfm.com (unknown [130.129.95.170])
	by core3.amsl.com (Postfix) with ESMTP id 8FAFD3A6876
	for <saag@ietf.org>; Thu, 20 Nov 2008 14:32:58 -0800 (PST)
Received: from kilo-2.local (localhost [127.0.0.1])
	by kilo.rtfm.com (Postfix) with ESMTP id ED119768B60;
	Thu, 20 Nov 2008 16:32:56 -0600 (CST)
Date: Thu, 20 Nov 2008 16:32:56 -0600
From: Eric Rescorla <ekr@networkresonance.com>
To: Lakshminath Dondeti <ldondeti@qualcomm.com>
In-Reply-To: <4925E472.9020508@qualcomm.com>
References: <4925E472.9020508@qualcomm.com>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.1 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20081120223256.ED119768B60@kilo.rtfm.com>
Cc: saag@ietf.org
Subject: Re: [saag] Soapbox: I no longer like WG updates being read at the
	mike
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

At Thu, 20 Nov 2008 14:28:02 -0800,
Lakshminath Dondeti wrote:
> 
> I figured I will get started early on my soapbox.  I think it is a waste 
> of everyone's time to have WG updates read at the mike.  I do like the 
> practice of reports being sent to the list so we all know what is going 
> on.  If any of them happen to generate traffic or if there are special 
> issues, it might be worthwhile to include a slot on a case by case basis.

I agree with Lakshminath, especially in this instance, where SAAG
is so late in the day.

-Ekr


From saag-bounces@ietf.org  Thu Nov 20 14:43:13 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id C2B753A69D8;
	Thu, 20 Nov 2008 14:43:13 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id EFDF53A69D8
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 14:43:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, 
	BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id AgkVy6zmfDAY for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 14:43:12 -0800 (PST)
Received: from mx11.bbn.com (mx11.bbn.com [128.33.0.80])
	by core3.amsl.com (Postfix) with ESMTP id 2E9073A6806
	for <saag@ietf.org>; Thu, 20 Nov 2008 14:43:12 -0800 (PST)
Received: from [128.89.255.112] (helo=Richard-Barnes-Laptop.local)
	by mx11.bbn.com with esmtp (Exim 4.60)
	(envelope-from <rbarnes@bbn.com>)
	id 1L3IEw-0004mg-F2; Thu, 20 Nov 2008 17:43:10 -0500
Message-ID: <4925E7FE.5070302@bbn.com>
Date: Thu, 20 Nov 2008 16:43:10 -0600
From: Richard Barnes <rbarnes@bbn.com>
User-Agent: Thunderbird 2.0.0.18 (Macintosh/20081105)
MIME-Version: 1.0
To: Eric Rescorla <ekr@networkresonance.com>
References: <4925E472.9020508@qualcomm.com>
	<20081120223256.ED119768B60@kilo.rtfm.com>
In-Reply-To: <20081120223256.ED119768B60@kilo.rtfm.com>
Cc: saag@ietf.org
Subject: Re: [saag] Soapbox: I no longer like WG updates being read at the
 mike
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

+1

Eric Rescorla wrote:
> At Thu, 20 Nov 2008 14:28:02 -0800,
> Lakshminath Dondeti wrote:
>> I figured I will get started early on my soapbox.  I think it is a waste 
>> of everyone's time to have WG updates read at the mike.  I do like the 
>> practice of reports being sent to the list so we all know what is going 
>> on.  If any of them happen to generate traffic or if there are special 
>> issues, it might be worthwhile to include a slot on a case by case basis.
> 
> I agree with Lakshminath, especially in this instance, where SAAG
> is so late in the day.
> 
> -Ekr
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
> 


From saag-bounces@ietf.org  Thu Nov 20 15:36:46 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id AFAE13A6A7E;
	Thu, 20 Nov 2008 15:36:46 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 092AF3A6A7E
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 15:36:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.532
X-Spam-Level: 
X-Spam-Status: No, score=-4.532 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id KPikUfhQ8fxm for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 15:36:44 -0800 (PST)
Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.141])
	by core3.amsl.com (Postfix) with ESMTP id 2DE7E3A6A7D
	for <saag@ietf.org>; Thu, 20 Nov 2008 15:36:44 -0800 (PST)
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by e1.ny.us.ibm.com (8.13.1/8.13.1) with ESMTP id mAKNaOg1004714
	for <saag@ietf.org>; Thu, 20 Nov 2008 18:36:24 -0500
Received: from d01av01.pok.ibm.com (d01av01.pok.ibm.com [9.56.224.215])
	by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v9.1) with ESMTP id
	mAKNaep0164364 for <saag@ietf.org>; Thu, 20 Nov 2008 18:36:40 -0500
Received: from d01av01.pok.ibm.com (loopback [127.0.0.1])
	by d01av01.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	mAKNaeic011483 for <saag@ietf.org>; Thu, 20 Nov 2008 18:36:40 -0500
Received: from poplar (poplar.watson.ibm.com [9.2.24.140])
	by d01av01.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	mAKNadfJ011476 for <saag@ietf.org>; Thu, 20 Nov 2008 18:36:40 -0500
Received: from 9.12.243.15:55451 ([9.12.243.15])
	by poplar.watson.ibm.com (IMF.2005.07.16.1050.haw)
	with SMTP ID IMFd1227224199.592; Thu, 20 Nov 2008 18:36:39 -0400
Date: Thu, 20 Nov 2008 18:03:47 -0500
From: Barry Leiba <leiba@watson.ibm.com>
To: saag@ietf.org
Message-ID: <181FE42755CE066BB4635D21@0CD8CEDA3F0F49F613764B83>
In-Reply-To: <4925E472.9020508@qualcomm.com>
References: <4925E472.9020508@qualcomm.com>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Disposition: inline
Subject: Re: [saag] Soapbox: I no longer like WG updates being read at the
	mike
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

> I figured I will get started early on my soapbox.  I think it is a waste of
> everyone's time to have WG updates read at the mike.

+17

Except... when else would I read news and blogs?  Hmm.....

Barry



From saag-bounces@ietf.org  Thu Nov 20 15:48:11 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 037C23A68EC;
	Thu, 20 Nov 2008 15:48:11 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 37A8B3A68EC
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 15:48:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9qSfrPpU58YC for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 15:48:09 -0800 (PST)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71])
	by core3.amsl.com (Postfix) with ESMTP id 708A83A67F0
	for <saag@ietf.org>; Thu, 20 Nov 2008 15:48:09 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.33,639,1220227200"; d="scan'208";a="107462269"
Received: from sj-dkim-2.cisco.com ([171.71.179.186])
	by sj-iport-2.cisco.com with ESMTP; 20 Nov 2008 23:48:08 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238])
	by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id mAKNm8hZ005167
	for <saag@ietf.org>; Thu, 20 Nov 2008 15:48:08 -0800
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com
	[128.107.191.63])
	by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id mAKNm8tX005511
	for <saag@ietf.org>; Thu, 20 Nov 2008 23:48:08 GMT
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by
	xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 20 Nov 2008 15:48:08 -0800
Received: from [130.129.29.228] ([10.21.72.144]) by xfe-sjc-212.amer.cisco.com
	with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 20 Nov 2008 15:48:07 -0800
Mime-Version: 1.0 (Apple Message framework v753.1)
Message-Id: <D0516928-58C1-447B-ACA0-907FE59E8003@cisco.com>
To: saag@ietf.org
From: Brian Weis <bew@cisco.com>
Date: Thu, 20 Nov 2008 15:48:22 -0800
X-Mailer: Apple Mail (2.753.1)
X-OriginalArrivalTime: 20 Nov 2008 23:48:07.0840 (UTC)
	FILETIME=[703C8200:01C94B6A]
Authentication-Results: sj-dkim-2; header.From=bew@cisco.com; dkim=pass (
	sig from cisco.com/sjdkim2002 verified; ); 
Subject: [saag] IETF 73 MSEC working group summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

MSEC meeting summary

We spent 1 hour on Wednesday. We opened by reviewing the status of   
current and expired working group drafts with the goal of updating  
our milestones.

We then had four presentations. Vincent Roca presented the draft  
applying TESLA to the ALC and NORM protocols. There were new changes  
resulting from the working group last call. The group will re-review  
the draft again after he creates a version that addresses all of the  
comments.

David McGrew presented a draft describing a method of safely using  
AES counter modes with multiple-sender IPsec security associations.  
Since the meeting, the chairs have started a working group last call.  
If you're interested, check the MSEC mailing list for details.

Sheela Rowles presented two drafts. The first one is a working group  
draft describing clarifications to the GDOI protocol based on  
implementation experience, and also to support new attributes  
proscribed in a new architecture document and also the counter mode  
document. The second draft proposes GDOI extensions to support the  
non-IPsec integrity protection mechanisms of the RSVP and NLS  
protocols. There will be a discussion on the MSEC list to determine  
the level of support for taking on the draft as a working group item.

-- 
Brian Weis
Lakshminath Dondeti



From saag-bounces@ietf.org  Thu Nov 20 15:53:40 2008
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 779A43A68EC;
	Thu, 20 Nov 2008 15:53:40 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4BC453A689E
	for <saag@core3.amsl.com>; Thu, 20 Nov 2008 15:53:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.799
X-Spam-Level: 
X-Spam-Status: No, score=-4.799 tagged_above=-999 required=5 tests=[AWL=1.800, 
	BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 4HeYQma6E6kd for <saag@core3.amsl.com>;
	Thu, 20 Nov 2008 15:53:38 -0800 (PST)
Received: from jackfruit.srv.cs.cmu.edu (JACKFRUIT.SRV.CS.CMU.EDU
	[128.2.201.16]) by core3.amsl.com (Postfix) with ESMTP id 0A6073A69D8
	for <saag@ietf.org>; Thu, 20 Nov 2008 15:53:37 -0800 (PST)
Received: from [130.129.77.217] ([130.129.95.187]) (authenticated bits=0)
	by jackfruit.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id
	mAKNrXra026846
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 20 Nov 2008 18:53:34 -0500 (EST)
Date: Thu, 20 Nov 2008 17:53:33 -0600
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: saag@ietf.org
Message-ID: <BC51149E2F97CA61DA1C13A3@atlantis.pc.cs.cmu.edu>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Disposition: inline
X-Scanned-By: mimedefang-cmuscs on 128.2.201.16
Subject: [saag] [Isms] draft meeting minutes (fwd)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
	<mailto:saag-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org



------------ Forwarded Message ------------
Date: Monday, November 17, 2008 10:21:47 PM +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: isms@ietf.org
Cc:
Subject: [Isms] draft meeting minutes

From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: isms@ietf.org
Subject: [Isms] draft meeting minutes
Date-Sent: Monday, November 17, 2008 10:21:47 PM +0100

=======================================================
Integrated Security Model for SNMP WG (isms)
IETF 73 Minneapolis
Monday, November 17, 2008, 1300-1500
Taken by Juergen Schoenwaelder, Juergen Quittek
=======================================================

Chair:
  Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>

Meeting Chair:
  Bert Wijnen <bertietf@bwijnen.net>

Agenda:

  1) Agenda bashing, WG status                       ( 5 min)
     (Bert Wijnen)
     - Blue sheets
     - Minute and note takers
     - Jabber scribe
  2) Last call comment resolution                    (40 min)
     (David Harrington, David Nelson)
     - Transport Subsystem for SNMP [1]
     - Transport Security Model for SNMP [2]
     - Secure Shell Transport Model for SNMP [3]
     - RADIUS Usage for SNMP SSH Security Model [4]
  3) Discussion of related drafts                    (10 min)
     (Wes Hardaker)
  4) Wrap up and review of action items              ( 5 min)
     (Bert Wijnen)

WG Documents:

  [1] Transport Subsystem for the Simple Network Management Protocol (SNMP)
     <draft-ietf-isms-tmsm-15.txt>
  [2] Transport Security Model for SNMP
      <draft-ietf-isms-transport-security-model-10.txt>
  [3] Secure Shell Transport Model for SNMP
      <draft-ietf-isms-secshell-13.txt>
  [4] Remote Authentication Dial-In User Service (RADIUS) Usage for Simple
      Network Management Protocol (SNMP) Transport Models
      <draft-ietf-isms-radius-usage-04.txt>

Related Documents:

  [5] Datagram Transport Layer Security Transport Model for SNMP
      <draft-hardaker-isms-dtls-tm-01.txt>
  [6] Simplified View-based Access Control Model (SVACM) for the Simple
      Network Management Protocol (SNMP)
      <draft-li-isms-svacm-00.txt>
  [7] Remote Authentication Dial-In User Service (RADIUS) Authorization
      for Network Access Server (NAS) Management
      <draft-ietf-radext-management-authorization-06.txt>

Actors:

  - Bert Wijnen (BW)
  - Juergen Quittek (JQ)
  - David Nelson (DN)
  - David Harrington (DH)
  - Jeff Hutzelman (JH)
  - Dan Romascanu (DR)

Summary:

  The ISMS WG has four WG documents: the Transport Subsystem for SNMP
  <draft-ietf-isms-tmsm-15.txt>, the Transport Security Model for SNMP
  <draft-ietf-isms-transport-security-model-10.txt>, the Secure Shell
  Transport Model for SNMP <draft-ietf-isms-secshell-13.txt>, and the
  Remote Authentication Dial-In User Service (RADIUS) Usage for Simple
  Network Management Protocol (SNMP) Transport Models
  <draft-ietf-isms-radius-usage-04.txt>. All four documents are in WG
  last call until November 23rd. The WG last call comments received so
  far are mainly editorial and for most of them the editor understands
  the edits. For one issue, the document editor will come up with a
  proposal for the resolution on the WG list. Additional reviews of
  the WG documents in last call have been requested by the chair.

  A DTLS transport mapping for SNMP, which is not part of the current
  ISMS charter, has been presented. The DTLS transport mapping author
  confirmed that the WG documents establish a suitable framework for
  defining additional secure transport models in the future and the
  room showed some interest in a DTLS transport for SNMP.

  The meeting was attended by approximately 20 people.

Discussions:

1. Agenda and WG Status (BW)

  - BW presents the ISMS status slides
  - no changes to the agenda

2. Last Call Discussion (DH)

  - DH presents the slides detailing the changes since IETF 72

  Q: What if tmSameSecurity is set but there is no LCD entry?  The
     problematical section is 5.2 steps 3 & 4 from the SSH
     document. (DS)

     There was agreement that the message should be discarded. This is
     what the transport subsystem document already says but this needs
     to be clarified in the elements of procedure of the SSH transport
     mapping document

  Q: Another issue is related to the exposure of session information
     outside of the SNMP engine (DS)

     DH will come up with a proposal how to resolve the issue

  - BW polls for additional reviewers

3. Last Call Discussion (DN)

  - Very minor mostly editorial changes of the radius usage document
    since the last revision posted in October

  - No last call comments received so far on the radius usage document

  - BW and DN poll for additional reviewers

4. SVACM: Simplified VACM (DH)

  - SVACM is a simplified view-based access control model trying to
    reduce complexity and implementation costs (e.g. just one context,
    just one security model)

  - Three people in the room seem to have read the document

  - Authors could not present due to travel restrictions from China
    and the time it takes to obtain visas etc.

  - Some concerns were raised by JH and DR that work on access control
    models might be out of scope of ISMS and that any new work on
    access control models might require a proper IETF wide BoF

5. SNMP over DTLS (WH)

  - WH presents his DTLS over SNMP slides. SNMP over DTLS is not a WG
    work item according to the current WG charter.

  - Three people in the room seem to have read the document.

  Q: Are certificates used somewhere else for login authentication?  I
     suspect that the name mapping problem is not specific to SNMP and
     that other WGs must have dealt with this before (DN)

     JH reports that there are a few cases where X.509 certificates
     are used for user authentication. Some discussion started about
     the usage of particular fields of X.509 certificates for
     identifying identities, in particular concerning subjectAltName

     JH stated that other WGs have not solved this problem and they
     usually leave the details wide open and let ultimately the
     application decide (JH)

  Q: Have there been any issues with the transport mapping specs that
     caused trouble in writing the dtls transport? If not, this is a
     good sign that we got things right (JS)

     WH did not find any major issues - this is a good sign that we
     got things right. WH also has some implementation experience with
     the core documents and believes they are fine to implement.

  C: We might have an issue with length restriction of security names
     (32 octets) in the longer run; if we do future work, we might
     have to look into this (DH)

  - About 9 people in the room showed interest in a DTLS transport model

6. Wrap Up and Action Points (BW)

  - all to review the WG documents and tell the WG mailing list

  - DH will present to the WG a solution for the raised technical issue
  - DH will apply the editorial changes received so far
  - DN will address any issues if they come up during last call

  - JS to decide what the next steps are concerning the SVACM document
  - JS to decide what the next steps are concerning DTLS-TM

---------- End Forwarded Message ----------




