Re: Last Call: draft-williams-on-channel-binding (On the Use of Channel Bindings to Secure Channels) to Proposed Standard

I think this is a significant I-D which could, in a few years, be the way in
which security is done in the Internet.

But I also think it understates its achievements in the Abstract and that it may
be inaccessible to those who would use it, those who are not also security
experts.

The Abstract refers to an approach 'which has various performance benefits'.
Rather, I think that it solves a - the? - problem of Internet security, that
encryption is easy and authentication is difficult and the mantra of security is
that sound authentication must come first.  This approach offers a way out of
that impasse.

But it is not clear that this is the case.  I think that to get the benefits of
this idea the I-D should have a non-normative section showing how it can be
applied to some well understood application, using a well-understood lower
secure layer (ie TLS or SSH, not IPsec) showing the outline protocol flow and
infrastructure dependencies.

Otherwise those who would benefit from it - isms, netconf, syslog, ... ? - will
not understand what they might do.  I appreciate that something of this ilk has
been around for a while (eg as when Ira McDonald pointed the isms list at
draft-puthenkulam-eap-binding-04.txt) but I think that it got no traction
because of its impenetrability.

Tom Petch

----- Original Message -----
From: "The IESG" <iesg-secretary@xxxxxxxx>
To: "IETF-Announce" <ietf-announce@xxxxxxxx>
Sent: Wednesday, March 14, 2007 4:44 PM
Subject: Last Call: draft-williams-on-channel-binding (On the Use of Channel
Bindings to Secure Channels) to Proposed Standard


> The IESG has received a request from an individual submitter to consider
> the following document:
>
> - 'On the Use of Channel Bindings to Secure Channels '
>    <draft-williams-on-channel-binding-01.txt> as a Proposed Standard
>
>    The introduction of this draft implies that the facility being
>   discussed applies only to GSS-API.  That is not the case and the rest
>    of the draft is clear on this point; this draft proposes to generalize
>    and clarify a facility that exists today in GSS-API both for GSS-API
>    use and for other authentication frameworks.
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.  Please send substantive comments to the
> ietf@xxxxxxxx mailing lists by 2007-04-11. Exceptionally,
> comments may be sent to iesg@xxxxxxxx instead. In either case, please
> retain the beginning of the Subject line to allow automated sorting.
>
> The file can be obtained via
> http://www.ietf.org/internet-drafts/draft-williams-on-channel-binding-01.txt
>
>
> IESG discussion can be tracked via
>
> https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=15078&rfc_flag=0
>
>
> _______________________________________________
> IETF-Announce mailing list
> IETF-Announce@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf-announce


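The outline flow Tom asks for can be sketched in code. The following Python is an added illustration, not part of this message, of the draft, or of any IETF text: it models a secure channel set up with unauthenticated key exchange, whose binding value is a hash of the handshake transcript (a simplified stand-in for something like tls-unique, and an assumption of this demo rather than the draft's definition), then runs a SCRAM-style password proof with and without that value mixed in, once in an honest session and once with a man in the middle who terminates the client's channel, opens a second one to the server, and relays the proof verbatim. All names, the key derivation, and the sample password and salt are constructed for the demo.

```python
"""Channel binding demo (added example, not from the draft).

Tie an application-layer authenticator to the lower-layer channel so that a
man in the middle who terminates the client's channel and opens a second one
to the server cannot relay the proof, even though neither channel was
authenticated by the lower layer itself.
"""
import hashlib
import hmac
import secrets
from typing import Optional

PBKDF2_ITERATIONS = 10_000  # kept low so the demo runs quickly; use more in practice


class Channel:
    """Stand-in for a secure channel with *unauthenticated* key exchange
    (think TLS with a certificate nobody checked). The binding value is a
    hash over the handshake transcript, in the spirit of tls-unique; the
    exact derivation here is a demo assumption, not a specification."""

    def __init__(self, client_share: bytes, server_share: bytes) -> None:
        self.transcript = b"client|" + client_share + b"|server|" + server_share

    def binding(self) -> bytes:
        # Both endpoints of *this* channel compute the same value; a different
        # handshake (a different channel) yields a different value.
        return hashlib.sha256(b"cb|" + self.transcript).digest()


def open_channel() -> Channel:
    """Fresh ephemeral shares, as a handshake would produce."""
    return Channel(secrets.token_bytes(32), secrets.token_bytes(32))


def derive_key(password: str, salt: bytes) -> bytes:
    """Password-derived key known to client and server (SCRAM-style)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_proof(key: bytes, nonce: bytes, cb: Optional[bytes]) -> bytes:
    """Client authenticator over the server nonce. With cb=None the proof is
    *not* bound to the channel, which is the situation channel binding fixes."""
    msg = b"auth|" + nonce + b"|" + (cb if cb is not None else b"")
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_proof(key: bytes, nonce: bytes, cb: Optional[bytes], proof: bytes) -> bool:
    """Server check: recompute using the server's *own* view of the channel."""
    return hmac.compare_digest(make_proof(key, nonce, cb), proof)


def run(bound: bool, mitm: bool) -> bool:
    """One authentication exchange. Returns True if the server accepts.

    bound: mix the channel binding value into the proof.
    mitm:  an attacker sits between client and server with two channels
           and relays nonce and proof unchanged.
    """
    salt = b"constructed-salt"                               # constructed sample data
    key = derive_key("correct horse battery staple", salt)  # constructed sample password
    client_channel = open_channel()
    # Honest case: one channel shared by both ends. MITM case: the attacker
    # holds the client's channel and a second, independent one to the server.
    server_channel = open_channel() if mitm else client_channel
    nonce = secrets.token_bytes(16)  # server challenge, relayed verbatim by the attacker
    proof = make_proof(key, nonce, client_channel.binding() if bound else None)
    return verify_proof(key, nonce, server_channel.binding() if bound else None, proof)


if __name__ == "__main__":
    for bound in (False, True):
        for mitm in (False, True):
            print(f"bound={bound!s:5} mitm={mitm!s:5} -> server accepts: {run(bound, mitm)}")
```

Run as a script to see the four cases side by side: without binding the relayed proof is accepted whether or not an attacker is present, so the encrypted channel gave no authentication; with binding the honest session still succeeds while the relayed proof fails, because the two channels have different binding values and the server recomputes the proof against its own. That is the "way out of the impasse" in the message: the lower layer need not be authenticated, only unique, and the higher-layer authentication does the rest.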
