Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-11-01 Thread Christopher Morrow
Jumping in a bit late, but... (and only for this one point really) On Thu, Oct 15, 2015 at 7:35 AM, Jeffrey Haas wrote: >> Why is using TLS not a no-brainer for this? Given the likes >> of the Belgacom and Gemalto reports, I would love to TLS is a great plan, now you have to:

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-10-16 Thread Jeffrey Haas
Stephen, On Fri, Oct 16, 2015 at 03:32:48PM +0100, Stephen Farrell wrote: > On 14/10/15 21:35, Jeffrey Haas wrote: > > It's refreshingly honest, > > Do we agree that the above is in fact the situation? If we do, > then I think the easiest way to handle my DISCUSS is to figure > out how best to

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-10-16 Thread Stephen Farrell
Hi all, Just picking this one to respond, as I think it may be the best for moving the discussion along a bit. On 14/10/15 21:35, Jeffrey Haas wrote: > [Note that I do not speak for the authors, just as someone who works on > software that contains an implementation of BMP.] > > On Wed, Oct

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-10-15 Thread heasley
Wed, Oct 14, 2015 at 05:09:14PM -0400, Jeffrey Haas: > On Wed, Oct 14, 2015 at 08:47:17PM +, heasley wrote: > > For debugging purposes, I'd prefer to see ALL protocols have a "cleartext" > > option - not for normal runtime, for debugging. it's darwinian, if someone > > chooses to always run

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-10-15 Thread John G. Scudder
I'll reply to this at greater length later, but for now let me associate myself with Jeff and Heas's comments. --John > On Oct 14, 2015, at 12:44 PM, Stephen Farrell > wrote: > > Stephen Farrell has entered the following ballot position for >

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-10-14 Thread heasley
Wed, Oct 14, 2015 at 09:04:33PM +0100, Stephen Farrell: > > I'd be happy to see the addition of TLS support in a future document. I > > also do not want TLS use to be required and I would like to see this > > draft move forward without TLS. > > My non-blocking comment asks about the why of that,

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-10-14 Thread Jeffrey Haas
And I failed to include a relevant point: On Wed, Oct 14, 2015 at 04:35:37PM -0400, Jeffrey Haas wrote: > The protocol standardizes the message contents over this stream. > > The protocol by default suggests TCP. But as overly flippantly noted in the > security considerations, you can use

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-10-14 Thread Jeffrey Haas
[Note that I do not speak for the authors, just as someone who works on software that contains an implementation of BMP.] On Wed, Oct 14, 2015 at 09:44:01AM -0700, Stephen Farrell wrote: > "This is an inherently insecure protocol for no particularly > good reason and mostly due to the lack of

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

2015-10-14 Thread Jeffrey Haas
On Wed, Oct 14, 2015 at 08:47:17PM +, heasley wrote: > For debugging purposes, I'd prefer to see ALL protocols have a "cleartext" > option - not for normal runtime, for debugging. it's darwinian, if someone > chooses to always run cleartext. This is actually a big deal with regards to