[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IPSECKEY] Security Considerations

To: Rob Austein <sra+ipseckey@hactrn.net>
Subject: Re: [IPSECKEY] Security Considerations
From: Jean-Jacques Puig <Jean-Jacques.Puig@int-evry.fr>
Date: Tue, 20 May 2003 09:49:29 +0200
Cc: ipseckey <ipseckey@sandelman.ca>
In-Reply-To: <20030519182614.1919518E3@thrintun.hactrn.net>
References: <20030519182614.1919518E3@thrintun.hactrn.net>
Sender: owner-ipseckey@sandelman.ottawa.on.ca

On Mon, May 19, 2003 at 02:26:14PM -0400, Rob Austein wrote:
> Is it the intention of this WG that the IPSECKEY RR be useful in an
> environment which does not (somehow) provide data origin
> authentication and data integrity protection for the IPSECKEY RR?

My opinion is also "no" (well, I mean it is not 'my' intention "that the
IPSECKEY RR etc."). But I would be interested in the explanations of
someone who would say "yes" here (pure curiosity :).

> Please note that I am trying -not- to make this explictly dependent on
> DNSSEC, the issue here is what services we require from the
> environment, not what specific mechanism provides those services.

Agree. Obviously, DNSSEC is not the only solution available here (it may
depend on the use of the RR, which is not covered by the draft). I made
the cut and paste for the WG to discuss on the real thing:

4. Security Considerations

|  This entire memo pertains to the provision of public keying material
|  for use by key management protocols such as ISAKMP/IKE (RFC2407) [7].

|  Implementations of DNS servers and resolvers SHOULD take care to make
|  sure that the keying material is delivered intact to the end
|  application.  The use of DNSSEC to provide end-to-end integrity
|  protection is strongly encouraged.

May be 'strongly encouraged' is a bit... strong :). Why not something
like: 

%  Implementations of DNS servers and resolvers SHOULD take care to make
%  sure that the keying material is delivered intact to the end
%  application. End to end integrity can be achieved, for instance,
%  through the use of DNSSEC [8].

|  The semantics of this record is outside of the scope of this
|  document, so no advice for users of this information is provided.
|  Any user of this resource record MUST carefully document their trust
|  model, and why the trust model of DNSSEC is appropriate.

Well, anyway, current SC section looks good. I don't think we have a big
issue here unless WG globally disagree on the importance of integrity
and data origin authentication.

--
Jean-Jacques Puig
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.

Follow-Ups:
- Re: [IPSECKEY] Security Considerations
  - From: Jean-Jacques Puig <Jean-Jacques.Puig@int-evry.fr>

References:
- [IPSECKEY] Security Considerations
  - From: Rob Austein <sra+ipseckey@hactrn.net>

Prev by Date: [IPSECKEY] Re: Security Considerations for IPSECKEY
Next by Date: [IPSECKEY] Forward: Security Considerations for IPSECKEY
Prev by thread: [IPSECKEY] Security Considerations
Next by thread: Re: [IPSECKEY] Security Considerations
Index(es):
- Date
- Thread