Mike, Good points. So are you saying we should mandate ESP and AH but it's ok not to mandate IKE? and perhaps use something else for key distribution?
I'm just trying to understand how to address these comments in the draft. Hesham > -----Original Message----- > From: Michael Thomas [mailto:[EMAIL PROTECTED]] > Sent: Monday, March 04, 2002 6:08 PM > To: OKABE Nobuo > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: Re: Should IP Security be Optional? > > > > So, talking about making exceptions to the MUST > IMPLEMENT aspect of ipsec on v6 strikes me as a > really poor idea. First of all, a minimum > implementation of IPsec to fulfill the mandatory > requirements is quite small -- we're not talking > about IKE here. Far more problematic, however, is > the lack of a common security substrate on the > net. We know what that means in practice: no > security at all in the vast majority of cases. > Requiring IPsec at least gets us to the point > where two nodes can have a secure conversation > with any mix of traffic instead of the current > mishmash of incomplete and often insecure other > mechanisms (read: nothing in many important > cases). > > I think I also disagree with Jari's > characterization of fixed-purpose devices. The net > is not the PSTN with exactly one application. > Once you've enabled IP, you have instant access to > zillions of applications, and a zillion more to > come. While small boxen certainly will only > implement a small fraction of those applications, > we have not one clue *which* ones they'll be! Some > may very well be UDP based, and thus TLS won't be > of any use. So we'll be back to the same state of > trying to shoe-horn protocols to meet security > requirements via unnatural acts with TLS, often > ill-conceived application layer security, or just > plain ignoring the problem and hoping for the > best. > > *Please* let's not go there. For the scant amount > of flash and ram that IPsec requires we get a > common baseline. This is desparately needed so > that we at least have something to proceed from > rather than the current chaos. IPsec is the > security analog to TCP's reliable transport. > Without TCP, protocol and application development > would have been severely hampered. TCP's utility > amongst other things was to simplify networking so > that people other than net weenies could write > applications. The same, I'm afraid, is true of > crypto -- maybe even worse, because a cursory > understanding of transport wasn't all that hard to > come by even 20 years ago, whereas there's not a > surer way of getting people's eyes to glaze over > faster than talking about crypto in my experience. > > We really, really need some commonality. Let's > not backtrack. > > Mike > > > OKABE Nobuo writes: > > Thank you for your many feedbacks. > > > > From: Jari Arkko <[EMAIL PROTECTED]> > > Subject: Re: Should IP Security be Optional? [Was RE: > draft-ietf-ipv6-cellular-host-00.txt -> wg last call?] > > Date: Mon, 04 Mar 2002 15:03:00 +0200 > > > > > Francis Dupont wrote: > > > > > > > => yes, ICMP is hard to protect and to use it for > small services > > > > does not make things simpler... > > > > > > So, we agree on this at least... > > > > > > > => there is an IAB statement about security. IPsec > support was > > > > made mandatory according to this statement and IMHO this was > > > > a big step forward. There are other security mechanisms, > > > > including some at the transport layer (SSL/TLS, IMHO IPsec > > > > is better but real world considerations have to be > considered :-) > > > > and some at the application layer, with in some cases a very > > > > different usage (PGP). > > > > I have in favor of to make all core security > mechanisms mandatory > > > > (MUST or strong SHOULD), cf RFC 2316 section 10. > IPsec is only > > > > the first in the list. > > > > > > I'm partially in favor of this approach, but not entirely. > > > I'd be much more comfortable with trying to make a detailed > > > recommendation on where different mechanisms are applicable > > > and mandated, than try to mandate them all everywhere (likely > > > with less than 100% success among implementors). > > > > > > I think the general approach should be that security > > > is mandatory, but not necessarily same type of security > > > under all circumstances. > > > > I agree. > > > > If a very small host has single application (ex. web), > > the implementer will want to implement an appropriate > > security mechanism only (ex, TLS) because of fitting > > its cost. > > > > It should be our further work to make detailed > > guideline for LCNA part. > > > > ---- nobuo > > > -------------------------------------------------------------------- > > IETF IPng Working Group Mailing List > > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
