
Re: Comments on ipsec-arch-sec-01.txt




--- On Tue, 23 Sep 1997 11:43:33 -0700  "Scott G. Kelly" <scott@fet.com> wrote:

> >   Requiring that the tunnel/transport-mode distinction be part of the SA
> >    will break several existing implementations that my employer is using.
> >    It also goes against the grain of not changing the specification in a way
> >    that makes existing conforming implementations non-conforming. 
> 
> The convenience of your employer *should not* be an issue here. 

	Actually, stability of the protocol, which is what the above discusses,
is ENTIRELY relevant.  It's relevant to nearly every IETF protocol design
activity, in fact.  Further, there was general agreement within the IPsec WG
in the Summer of 1996 that existing implementations would not be made 
non-conforming unless necessary to fix some known security flaw 
(e.g. the move from RFC-1829 to the Hughes/Madson DES+HMAC MD5 fixes a flaw 
published in [Bellovin96]).

> How this ever became a criteria for deciding if a change is appropriate (if in
> fact it has) is beyond me. 

	Probably because you aren't understanding all of what I said,
please see below.

> We are talking about the *world's*
> communications system here; not just the one which will be used by
> Cisco, BBN, USR, or <fill in the blank>. If it is inconvenient to make a
> design change which corrects a flaw in the system, that is the price you
> pay for leading the crowd - that is why we call it 'the bleeding edge'.

	No one has suggested there is a flaw.  In fact, there is no 
security flaw that is being corrected here.  This assumption on your part
might be the root of the misunderstanding.

	The argument for NOT requiring that the tunnel/transport attribute 
be part of an SA is in fact -- that the protocol DOES need to be general to many 
different organisations.  So your assertion at the bottom supports my assertion 
that the tunnel/transport attribute ought not be mandated for each SA.  

As it happens, I agree entirely with Derrell Piper's note that I just read:
	- There are times when it might be useful to negotiate the
		tunnel/transport attribute, hence it should be in the DOI.
	- There are times when it might be useful to not negotiate the
		tunnel/transport attribute, hence it should not be mandatory
		to negotiate each time.
	- The same is true for an SA.  It would be fine to say that the
	  	tunnel/transport attribute MAY be part of an SA.  It would
		be wrong to require that the tunnel/transport attribute MUST
		be part of each SA.

Ran
rja@inet.org