From subs-reminder@vpnc.org Tue Oct 7 02:44:56 2003 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA21023 for ; Tue, 7 Oct 2003 02:44:55 -0400 (EDT) From: subs-reminder@vpnc.org Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h976j2KP074459 for ; Mon, 6 Oct 2003 23:45:02 -0700 (PDT) (envelope-from subs-reminder@vpnc.org) Received: (from root@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h976j2NG074457; Mon, 6 Oct 2003 23:45:02 -0700 (PDT) Date: Mon, 6 Oct 2003 23:45:02 -0700 (PDT) Message-Id: <200310070645.h976j2NG074457@above.proper.com> To: ipsp-archive@ietf.org Subject: [[739478154]] Subscription to ipsec-policy for ipsp-archive@lists.ietf.org Greetings. This message is a periodic reminder that ipsp-archive@lists.ietf.org is subscribed to the ipsec-policy mailing list. *** SEE BELOW: PLEASE DO NOT RESPOND TO THIS MESSAGE. *** There are two purposes for this message: - If this message is bounced by your mail server, I can remove you from the mailing list and reduce waste of bandwidth and resources. (If you are reading this message, it clearly didn't get bounced!) - Some people stay subscribed to mailing lists even though they do not want to because they do not know how to unsubscribe. If you want to stay subscribed to the ipsec-policy mailing list, you do not need to do anything. Feel free to delete this message. On the other hand, if you want to unsubscribe from this list, simply go to the following link: If for some reason you cannot go to that web site, you can also unsubscribe by email; however, doing so is not as likely to get you unsubscribed as the web site is. To unsubscribe using email, you can respond to this message and I will unsubscribe you by hand in the next few days. Again, this is not assured to work because your mail system may make it impossible for me to determine who you are or what you want to unsubscribe to. Alternatively, you can send a plain-text message to: ipsec-policy-request@vpnc.org with the single word unsubscribe in the body of the message. This last method assumes that the "From:" address in your mail is "ipsp-archive@lists.ietf.org". Again, using the web site above is more likely to work than this method (due to limitations in Majordomo, the mailing list software we currently use). If you have any questions, feel free to contact me. --Paul Hoffman, list administrator From owner-ipsec-policy@mail.vpnc.org Mon Oct 27 15:58:33 2003 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA09921 for ; Mon, 27 Oct 2003 15:58:32 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9RK8tI7071893 for ; Mon, 27 Oct 2003 12:08:55 -0800 (PST) (envelope-from owner-ipsec-policy@mail.vpnc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9RK8ss3071892 for ipsec-policy-bks; Mon, 27 Oct 2003 12:08:55 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9RK8sI7071883 for ; Mon, 27 Oct 2003 12:08:54 -0800 (PST) (envelope-from nw141292@binky.central.sun.com) Received: from centralmail2brm.Central.Sun.COM ([129.147.62.14]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id h9RK7xxA009860; Mon, 27 Oct 2003 12:07:59 -0800 (PST) Received: from binky.central.sun.com (binky.Central.Sun.COM [129.153.128.104]) by centralmail2brm.Central.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with ESMTP id h9RK7v58012282; Mon, 27 Oct 2003 13:07:58 -0700 (MST) Received: from binky.central.sun.com (localhost [127.0.0.1]) by binky.central.sun.com (8.12.5+Sun/8.12.3) with ESMTP id h9RK3qQx003840; Mon, 27 Oct 2003 12:03:52 -0800 (PST) Received: (from nw141292@localhost) by binky.central.sun.com (8.12.5+Sun/8.12.3/Submit) id h9RK3oR7003839; Mon, 27 Oct 2003 12:03:50 -0800 (PST) Date: Mon, 27 Oct 2003 12:03:50 -0800 From: Nicolas Williams To: ipsec@lists.tislabs.com, ietf-sasl@imc.org, ipsec-policy@vpnc.org, ietf-krb-wg@anl.gov, ietf-tls@lists.certicom.com, ietf-ssh@netbsd.org, ietf-cat-wg@lists.stanford.edu, ips@ietf.org Cc: nfsv4@ietf.org Subject: [I-D ACTION:draft-ietf-nfsv4-channel-bindings-00.txt] Message-ID: <20031027200350.GI24528@binky.central.sun.com> Mail-Followup-To: ipsec@lists.tislabs.com, ietf-sasl@imc.org, ipsec-policy@vpnc.org, ietf-krb-wg@anl.gov, ietf-tls@lists.certicom.com, ietf-ssh@netbsd.org, ietf-cat-wg@lists.stanford.edu, ips@ietf.org, nfsv4@ietf.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Followups-To: nfsv4@ietf.org Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: [Apologies for the cross-post; followups should NOT be cross-posted this widely. Please Cc ONLY the appropriate WG mailing list(s) on any replies. Since I am not subscribed to all of the relevant WGs' mailing lists, please Cc me in all replies.] The NFSv4 WG I-D on channel bindings needs review from several IETF WGs. This I-D, draft-ietf-nfsv4-channel-bindings-00.txt, goes along with the soon to be published draft-ietf-nfsv4-ccm-03.txt (currently: -02). We would appreciate feedback from the Cc'ed WGs on several areas as requested below. Please cc the appropriate WG lists only in your replies. The I-D announcement is included below, including the I-D Abstract. Thanks, Nico Review requests: - From all the cc'ed WGs, the security community in general and the [concluded] CAT WG mailing list: o Please review the generic definition of "channel bindings" in this I-D and the concept of "channel bindings" in general. (Use the CAT WG list and/or the NFSv4 WG list.) - From the IPSEC WG: o Please review the IPsec channel construction in this I-D and the relevant interface requirements. o Please review the IPsec channel bindings construction. (Use the IPSEC WG and/or the IPSP WG lists.) - From the IPSP WG: o Please review the IPsec channel construction in this I-D and the relevant interface requirements. (Use the IPSEC WG and/or the IPSP WG lists.) - From the IPS WG: o Please consider the channel bindings concept as a general solution to the problems with the iSCSI approach to security ("authenticate at iSCSI layer with x, y or z authentication technology, but delegate session integrity/confidentiality protection to IPsec"). See the introduction (section 1) of this I-D for a description of the problem with the iSCSI approach to security. (I realize that I'm late to the iSCSI party - my goal is not to affect the progression of the iSCSI I-Ds to Proposed Standard and publication as RFCs, far from it.) (Use the IPS WG list.) - From the TLS WG: o Please review the construction of channel bindings to TLS channels given in this I-D. (Use the TLS WG list.) - From the SECSH WG: o Please review the construction of channel bindings to SSHv2 channels given in this I-D. (Use the SECSH WG list.) - From the KRB WG: o Please review sections 3.3 and 4.5 of this I-D. (Use the KRB WG list.) - From the SASL WG: o Please review section 3.2 of this I-D. (Use the SASL WG list.) ----- Forwarded message from Internet-Drafts@ietf.org ----- Date: Fri, 24 Oct 2003 10:50:50 -0400 From: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-nfsv4-channel-bindings-00.txt To: IETF-Announce: ; Cc: nfsv4@ietf.org A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network File System Version 4 Working Group of the IETF. Title : On the Use of Channel Bindings to Secure Channels Author(s) : N. Williams Filename : draft-ietf-nfsv4-channel-bindings-00.txt Pages : 14 Date : 2003-10-23 This document defines and formalizes the concept of channel bindings to secure layers and defines the actual contents of channel bindings for several secure channels. The concept of channel bindings allows applications to prove that the end-points of two secure channels are the same by binding authentication at one network layer to the session protection negotiation at a lower network layer. The use of channel bindings allows applications to delegate session protection to lower layers. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-channel-bindings-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-nfsv4-channel-bindings-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-nfsv4-channel-bindings-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. ----- End forwarded message -----