hi Aaron,

On 03 Jul 2014, at 18:21, Aaron Falk <[email protected]> wrote:

> On Wed, Jul 2, 2014 at 8:54 AM, Barry Leiba <[email protected]> wrote:
>
> > + many. The point here -- and how I'd rephrase Stephen's comment
> > -- is that security characteristics of a transport (whether it
> > provides confidentiality, integrity, message/endpoint authenticity)
> > are "first class" characteristics of a transport protocol, just
> > like reliability, or multihoming, and must be considered as such.
> >
> > (And TCPINC, just chartered, is working on a new transport
> > protocol, and there needs to be interchange between the two groups
> > to make sure that (1) TCPINC isn't gratuitously TAPS-unfriendly,
> > whatever that means and that (2) TAPS can accommodate the protocol
> > that comes out of TCPINC. This is less a security-specific issue
> > than a maybe-we-should-talk-to-each-other issue. :) )
> >
> > Nicely put. That's what I'm after.
> >
> > Et moi aussi.
> >
> > Barry
> >
>
> I agree as well. I am a little worried that (as Lloyd suggested) security
> discussions may dominate the working group or, worse, there will be
> insufficient security 'clue' to do a good job.

As a first step, treating TCPINC as exactly the kind of new transport protocol development TAPS is meant to foster, and TCPINC considering TAPS as the framework-in-development for new transport protocol deployment, should be sufficient for security 'clue' -- i.e., the security-specific bits of the discussion will happen largely in TCPINC, and if there's not sufficient security clue in *that* room then we've got bigger problems.

Note that this interaction cuts both ways: these security services are important, but they're not snowflake-special: you need switches to turn them on and off, guidelines on when to do that and how, and additional interface support to push additional configuration (i.e. keys) down and pull additional status (e.g., "transport not authenticated") up.

As for avoiding unproductive ratholing on tangentially- or un-related arguments about security... well, that's why working groups have chairs. :)

Cheers,

Brian
_______________________________________________
Taps mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/taps
