Re: Best Effort Key Management (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>

Hiya,

On 06/08/14 14:43, Dave Crocker wrote:
> On 8/6/2014 5:24 AM, Stephen Farrell wrote:
>> Hierarchy isn't the right concept here.
>>
>> There are different states that might result after some
>> opportunistic security steps are taken in a protocol.
> ...
>> There are also interactions between all the above and the
>> particular protocol we're trying to secure, 
> ...
>> It's very important to note that there isn't even a partial
>> order of the various end states on which we can always
>> generically agree, never mind a full ordering. 
> 
> 
> Stephen,
> 
> All of the above means that this term is for use only by security
> experts, since it makes the term unwieldy for use by anyone else.

Not "only," nor just "experts" - I think the term is meant for
protocol developers that care about and know something about
security. An average or better IETF participant I guess would be
the right target. (Please also note that this draft is not meant
to say how to apply OS to your protocol, nor is it a beginners'
tutorial. The former is another day's work, but is the kind of
thing that we also need to do after this bit is done, and
probably via an update to BCP72. The tutorial thing may well be
better done outside the IETF.)

> I'll also note that the draft says nothing like the above.  That should
> bother you, and everyone else.

It doesn't though :-) Maybe it's a fair point though that the
draft assumes a bit too much knowledge on the part of the
reader. I'd have to go check again.

> Worse, the different responses from folks who have been active in the
> discussion and who try to explain the term show different
> understandings/meanings.  Still.  After all this time and discussion.
> 
> For the term to be useful, it MUST have a simple meaning that is shared
> amongst its users.  Otherwise, we are through the looking glass.

I fully disagree. It seems to me that Viktor, Steve K, Scott K, Nico
and I and others are all saying the same thing in different words
and are in fact agreeing with one another. Yet to you it seems
that we're not. That is an issue to look at, yes. So I need to look
back and see what it is that you (and the few other folks who've
commented similarly) are finding problematic. Right now, I'm just
not getting it tbh, but I expect we'll figure it out.

However I *really* do not think we'd be wise to re-start the work
looking for a new term or a new meaning so I won't comment on
your suggestions along those lines.

S.
