Security Top Concern for New IETF Chair
BobB writes "New IETF chair Russ Housley speaks out about bolting security on after the fact, the prospects for IPv6 and a new security technology called Hokey that could help safeguard wireless and wired networks."
chair? (Score:1, Funny)
Re: (Score:2, Funny)
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Because... (Score:2)
poop-flinging monkeys haven't been enough!
Re: (Score:2)
Huh? (Score:4, Insightful)
Why "mandate" anything? People who want to run a site with encrypted communications CAN run a site with encrypted communications. Come on people! HTTPS.
Pretty much a fluff piece. It seems that the interviewer only had some buzzwords and a vague feeling that something was somehow insecure.
Re:Huh? (Score:5, Insightful)
Re: (Score:3, Informative)
Re: (Score:1)
Re: (Score:2)
I'd say there's a clear winner there. I don't think anyone thought RFC 2817 through. It suggests (though does not require) sending the initial request in plaintext (ugh), and there's no good mechanism to advertise the server support without penalty on first hit to a https URL (i.e., advertise in the URL or DNS records). Since no existing serve
Re: (Score:2)
What certificate problem? That they cost money?
You have to be able to prove you are not the man in the middle. Otherwise encryption doesn't mean much.
Re: (Score:2)
There's a project right now for openly available certificates. They are free, but you have to prove you own the domain you want a cert for, and of course the CA root has to be in browsers, and it isn't right now (though it will be soon).
Re: (Score:2)
Re: (Score:2)
Why mandate it? (Score:2)
Is your certificate current?
Do you have enough entropy?
etc
We already have it available. Without the mandate. Go to your bank's website and look for the HTTPS. Most other sites (like
Re:Huh? (Score:4, Informative)
TLS is the successor to SSL but that is not the reason that the spec came about. The MD5 compromise came after the work was already started.
The work started when Microsoft submitted their Transport Layer Security protocol to the IETF as a standards proposal. Up to that point Netscape had attempted to keep SSL as a proprietary specification under their control. Which was not too popular with those of us who had broken SSL 1.0 without any difficulty and then been completely ignored in the design of SSL 2.0, which was also botched.
Sometime after the group began to start up, Netscape came out with SSL 3.0, which had been extensively reworked by Paul Kocher, and Netscape offered to release change control to the IETF. Microsoft agreed, since that is all they had actually wanted all along. The only thing that was really changed in the end was the name and the ciphersuite options.
BTW, it's not surprising that Russ thinks security is the major challenge; he was until recently the security area director. Before that he was chair of the S/MIME working group.
hokey security? (Score:1)
In related news (Score:1, Funny)
Re: (Score:2)
Security Top Concern for IETF chair? (Score:3, Funny)
Re: (Score:1, Funny)
Steve B. had one, but I heard he threw it away.
IPv6 (Score:1)
Re: (Score:2)
Re: (Score:1)
Are you saying that you want every device on the entire internet to be able to speak to your system directly, without hindrance, by default?
You want everyone else's systems to be able to be contacted, directly, without hindrance, by default?
You do realize that the internet used to be like that, right? Do you remember what happened as a result? Do you know why firewalls were invented in the first place?
Re: (Score:2)
The best of Verisign AND the NSA!! (Score:1, Insightful)
What could go wrong here?
Bingo (Score:2)
At this point in the game, it's assumed all traffic is being monitored through the telcos. http://www.salon.com/news/feature/2006/06/21/att_nsa/index_np.html [salon.com]
Having an NSA friendly agent running the IETF will make their jobs much easier. I boldly predict next to nothing will be done publicly by this guy. I have a feeling he will be **very** busy not as chair, but as an NSA rep who just
Obscure groups' acronyms (Score:1)
Re: (Score:2)
Rekeying security protocols when handing over mobile devices from one AP or BS to another takes time and disrupts communications. So fix it. That's what HOKEY does.
HTTP security problems (Score:2)
http://www3.ietf.org/proceedings/07jul/slides/httpbis-2.ppt [ietf.org] - Chair's Slides
http://www3.ietf.org/proceedings/07jul/slides/httpbis-1.pdf [ietf.org] - Cookies & Caching
http://www3.ietf.org/proceedings/07jul/slides/httpbis-0.pdf [ietf.org] - Etags
The "Chair's slides" basically deal with HTTP Auth issues. Take a look - the presentations were rather interesting, although it seemed at the time that a WG may not be formed out of these.
Re: (Score:2)
Pfff... (Score:1)
Re: (Score:1)
Security Top Concern for New IETF Chair (Score:3, Funny)
It suddenly collapses when sat on?
Please stop with the cutesy names! (Score:3, Interesting)
Hokey?
Hokey?
I don't know about the rest of the world, but here in the US "hokey" is used to refer to something artificial, contrived, fake. I certainly don't want to trust the security of my systems to something that's contrived.
Geez, more proof that intelligence and common sense aren't necessarily bed partners...
IPv6 and IPsec (Score:3, Informative)
IPsec works over IPv4. IPv4 works without IPsec. I haven't found anyone (yet) that has gotten IPsec over IPv6 (I'm not talking about IPv6 tunneled over IPsec protected IPv4) to actually work on Linux or BSD. Surely someone has. But Google turns up a number of reports of problems that go unresolved and unanswered (except in one case people reporting they also cannot get it to work). I've only been spending a couple weeks trying to get it to at least establish a security association between 2 machines.
Which protocol to scrap and start over? Or is it just bad implementation? If we can at least get this working, IPv6 might be considered ready to go.
Rough consensus, and running code. (Score:2)
Just as the Linux community seems to have learned nothing from the way the Tower of Babel effect hamstrung Unix, so it seems that
What else did you expect? (Score:1)