
intersec BOF



	summary: classic problem, end-to-end encryption versus intermediate
	box which would like to tweak/peep traffic.  there's no good solution,
	but that's life.
	(i'm a firm believer in the end-to-end principle and middleboxes, so i'm
	very biased)

itojun


------- Forwarded Message

To: wide@wide.ad.jp
Subject: [IETF56] intersec
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD  90 5F B4 60 79 54 16 E2
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
Date: Sat, 22 Mar 2003 03:32:49 +0900
Sender: itojun@itojun.org

kind of "transport area and security area joint BOF"


presentation 1 (thomas)

intermediary-based transport services, and performance enhancement mechanisms
TCP performance enhancement proxy (PEP)
	need port #, tcp seq #
	IPsec will prevent PEP

header compression
	access/modify header
	IPsec will block it

network-based packet filtering
	limit # of packet onto wireless -> mobile node
	with IPsec packet cannot be identified


what kind of trust relationship exists between end systems and intermediary

security goals
	packet data which is not needed by intermediary service should be kept
	secure (protected end-to-end)


there are solutions like TLS, sRTP, ...  i don't think there's a problem

speaker: don't we need a general solution?

there's no problem.  no need for intermediary.  don't break e-2-e.

is intermediary trustworthy?

what is your threat model?
there's no general solution to this.

you're enabling service provider/intermediary to do bad things to you

beauty of ipsec is that it is independent from application.

needed for satellite setup.

maybe we need another try to express the problem.


presentation 2 (sally)


presentation 3
relationship w/ opes

proxy-based application extensions
protocols for proxy to application communication
opt-in, tracing, privacy considerations
rule language for vectoring
allows heavy application data rewrites, and stuff
...


next steps
formulate problem and framework clearly
work on mailing list

------- End of Forwarded Message
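The point from presentation 1 above (a TCP PEP needs port numbers and TCP sequence numbers, header compression needs to read and modify headers, and IPsec hides or pins both) as an added example; this is not code from the mail or from any IETF draft, and the ESP construction, addresses, key and packets are constructed stand-ins, not a real IPsec implementation.

```python
# Added example, not part of itojun's mail: what a PEP on the path can learn from
# a TCP packet in the clear versus the same packet protected end-to-end by IPsec
# ESP. ESP's own header (SPI, ESP sequence) stays visible, the TCP header does
# not, and the ICV means even visible bytes cannot be tweaked without detection.
import hashlib
import hmac
import struct

TCP, ESP = 6, 50  # IPv4 protocol numbers

def ipv4_header(proto, payload_len, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    # Minimal 20-byte IPv4 header; checksum left zero, addresses are constructed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)

def tcp_header(sport, dport, seq, ack=0):
    # Minimal 20-byte TCP header, ACK flag set, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x10, 65535, 0, 0)

def esp_encapsulate(spi, esp_seq, inner, key):
    # Toy ESP (tunnel mode): SPI + sequence, inner packet XORed with a keystream
    # derived from the constructed SA key, then a 12-byte HMAC ICV. A stand-in for
    # real ESP crypto; only the visibility and integrity properties matter here.
    ks = hashlib.sha256(key + struct.pack("!II", spi, esp_seq)).digest()
    stream = (ks * (len(inner) // len(ks) + 1))[: len(inner)]
    body = struct.pack("!II", spi, esp_seq) + bytes(a ^ b for a, b in zip(inner, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()[:12]

def esp_icv_ok(esp, key):
    # Receiver-side check: does the ICV still match SPI, sequence and ciphertext?
    body, icv = esp[:-12], esp[-12:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest()[:12], icv)

def pep_classify(packet):
    """What a PEP on the path can learn from an IPv4 packet it forwards."""
    proto = packet[9]
    if proto == TCP:
        sport, dport, seq = struct.unpack("!HHI", packet[20:28])
        return {"proto": "tcp", "sport": sport, "dport": dport, "seq": seq}
    if proto == ESP:
        spi, esp_seq = struct.unpack("!II", packet[20:28])
        return {"proto": "esp", "spi": spi, "esp_seq": esp_seq}  # no ports, no TCP seq
    return {"proto": "other"}

def build_packets(key=b"constructed-sa-key"):
    # The same constructed TCP segment in the clear and wrapped in ESP by a gateway
    tcp = tcp_header(40000, 80, 123456789) + b"GET / HTTP/1.0\r\n\r\n"
    plain = ipv4_header(TCP, len(tcp)) + tcp
    esp = esp_encapsulate(0x1000, 1, plain, key)
    return plain, ipv4_header(ESP, len(esp)) + esp
```

Flipping any byte of the ESP body, as a PEP or header compressor would have to, makes esp_icv_ok return False at the receiver, which is the "IPsec will prevent PEP" note in code form.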