
Re: [IPSECKEY] Security Considerations



On Tue, May 20, 2003 at 09:49:29AM +0200, Jean-Jacques Puig wrote:
> On Mon, May 19, 2003 at 02:26:14PM -0400, Rob Austein wrote:
> > Is it the intention of this WG that the IPSECKEY RR be useful in an
> > environment which does not (somehow) provide data origin
> > authentication and data integrity protection for the IPSECKEY RR?
> 
> My opinion is also "no" (well, I mean it is not 'my' intention "that the
> IPSECKEY RR etc."). But I would be interested in the explanations of
> someone who would say "yes" here (pure curiosity :).

Sorry, I realized reading `comments and nits` from Mr Austein that I
possibly misunderstood his words.

IMHO, to express an 'intent' is not the same as to 'order': the former
expresses itself with SHOULD while the latter expresses itself with MUST.
Rephrasing my answer:

"no, it is not my intention that the IPSECKEY RR ... which does not
(somehow) ... for the IPSECKEY RR BUT I don't care if someone uses this
RR in such an environment."

> 4. Security Considerations
> 
> |  This entire memo pertains to the provision of public keying material
> |  for use by key management protocols such as ISAKMP/IKE (RFC2407) [7].
> 
> |  Implementations of DNS servers and resolvers SHOULD take care to make
> |  sure that the keying material is delivered intact to the end
> |  application.  The use of DNSSEC to provide end-to-end integrity
> |  protection is strongly encouraged.
> 
> Maybe 'strongly encouraged' is a bit... strong :). Why not something
> like: 
> 
> %  Implementations of DNS servers and resolvers SHOULD take care to make
> %  sure that the keying material is delivered intact to the end
> %  application. End to end integrity can be achieved, for instance,
> %  through the use of DNSSEC [8].

This is where we disagree I think. SHOULD is perfectly suitable here
(IMHO), and MUST would be more than expressing an intent: it would
express a requirement.

2119:
1. MUST   This word, or the terms "REQUIRED" or "SHALL", mean that the
   definition is an absolute requirement of the specification.

I don't think it is up to the WG to make DNSSEC or any other mechanism
mandatory. We surely can provide advice though.

> 
> |  The semantics of this record is outside of the scope of this
> |  document, so no advice for users of this information is provided.
> |  Any user of this resource record MUST carefully document their trust
> |  model, and why the trust model of DNSSEC is appropriate.

--
Jean-Jacques Puig
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.