
Re: MUSTs



 "jc" == James Carlson <james.d.carlson@sun.com> writes:

bs> This particular variance from the spec isn't a security problem, is it?

>> Sure it is.  It prevents authorized people from determining the
>> configuration of the device by scanning.  Or something like that.

jc> That sounds like it could be called a feature rather than a bug.  ;-}

"Authorized"...  Anyway, it's beside the point...

jc> If the applicable RFCs already say MUST/SHOULD/MAY in all the right
jc> places, then what benefit is gained by having this document
jc> *duplicate* those -- saying, in effect, "yes, you really had to do
jc> that?"

But we're not duplicating them, we're referring to them.  These RFCs
say "To be an Internet Router you {MUST|SHOULD|MAY} do ..."  We're
saying "To be a secure Internet component, you must do what they say."

We're making compliant, standards-based behavior an explicit security
requirement.

jc> And if the documents don't say MUST/SHOULD/MAY in all the right
jc> places, what benefit is gained by declaring implementations that get
jc> it right anyway (despite old spec errors) to be "non-conformant" with
jc> this new document?

That's the crux of the problem.  Perhaps, since this is an IETF
document, it should assume the correctness of other IETF docs?  This
document cannot be the standard for everything.  It has to call out to
appropriate standards for things that it relies upon, but does not
internally specify.

We have to have a set of standards that we refer to and rely upon as
being correct.  Otherwise, any new standards that we produce are built
upon a poor foundation, and likewise cannot be relied upon.

jc> It seems to me that the underlying assumption here is that this
jc> document becomes the single "pass this one special test and you're
jc> Accepted as an Approved Internet Device" mechanism for multiple
jc> markets.  Is this an achievable goal?

"Secure(able?) Internet Device".  Doesn't mean that it passes packets,
makes customers or providers happy, just security engineers.

ericb