
    Security Use Requirements



    In Orlando, I picked up an action item to determine what
    the requirements are for *use* of security features,
    as opposed to requirements for *implementation*.  I
    believe the answer to be that it is acceptable to
    specify security measures weaker than those one would
    want to use in full generality on a public network,
    where "weaker" includes no security.
    
    There are two important caveats that apply:
    - Security of the negotiation mechanism becomes
    	very important when this is done, as there's
    	an obvious man-in-the-middle attack on the
    	negotiation mechanism to get the endpoints
    	to negotiate weaker security than they intended.
    - The weaker security mechanisms need to be documented
    	in terms of their security properties (and lack
    	thereof), as well as environments in which they
    	are appropriate.  The "Security Considerations"
    	section of RFC 2338 (VRRP) has been recommended
    	as a good example of this.
    
    --David
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
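
Added example, not part of the original message or of any working group document: a sketch of the first caveat, in which the endpoints MAC the negotiation transcript so that an offer weakened in transit is detected while a legitimately weak choice still passes. The mechanism names, the pre-shared key and the `negotiate` helper are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical mechanism names, strongest first. "none" is a legal outcome,
# which is why the negotiation itself has to be protected.
PREFERENCE = ["encrypt+auth", "auth-only", "none"]


def select(offer, policy):
    """Responder side: pick the strongest mechanism present in both lists."""
    for mech in PREFERENCE:
        if mech in offer and mech in policy:
            return mech
    raise ValueError("no common mechanism")


def transcript_mac(key, offer, chosen):
    """HMAC over the offer list and the choice, each field length-prefixed."""
    msg = b""
    for field in list(offer) + [chosen]:
        raw = field.encode()
        msg += len(raw).to_bytes(2, "big") + raw
    return hmac.new(key, msg, hashlib.sha256).digest()


def negotiate(key, offer_sent, responder_policy, tamper=None):
    """Run one negotiation; `tamper` models an on-path rewrite of the offer.

    Returns (chosen, verified). verified is False when the responder's MAC,
    computed over the offer it received, does not match the initiator's MAC
    over the offer it actually sent.
    """
    offer_seen = tamper(offer_sent) if tamper else list(offer_sent)
    chosen = select(offer_seen, responder_policy)
    responder_tag = transcript_mac(key, offer_seen, chosen)  # sent with reply
    expected = transcript_mac(key, offer_sent, chosen)       # initiator view
    return chosen, hmac.compare_digest(responder_tag, expected)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: endpoints share this key
    offer = ["encrypt+auth", "auth-only", "none"]
    print(negotiate(key, offer, offer))                    # untouched offer
    print(negotiate(key, offer, offer, lambda o: ["none"]))  # offer stripped
    print(negotiate(key, ["none"], offer))                 # deliberate "none"
```

The initiator should abort when `verified` is False rather than proceed with the weaker mechanism.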
    
    


Last updated: Tue Sep 04 01:05:35 2001