Security Survey for wgchairs from IAB
First let me apologize for sending this during the crunch before an IETF meeting. If you don't manage to respond immediately, that's OK; I'll bug you again. Possibly even in person.

Jim Kempf and I were tasked with doing a survey of IETF working groups to find out whether and how they are using the security mechanisms coming out of the security area. The goal is to figure out whether the right tools are being made available and whether how to use them is being communicated. This first attempt at a survey form is designed to be easy to fill out - particularly for working groups for which security is not particularly relevant - so we can figure out who we need to follow up with with more detailed questions. While we would encourage people to tell us as much as they feel is useful, a quick and incomplete response would be helpful as well.

The questions are still being debugged. Some may make no sense in some contexts. Feel free to flame us about that. Your working group may be working on sufficiently diverse things that it makes more sense to respond separately for different work areas. If so, feel free. We assume that specs talk about some representation of data and some "remote" source and/or sink of that data. Not all do. Bear with us.

Please send responses to ckaufman@us.ibm.com and kempf@docomolabs-usa.com

Thanks for your help!

1) Identification and Authentication:
If the technology of this WG has a concept of things it talks to or about, how are they named and authenticated?

Identification of users or administrators by:
text string( ); DNS name( ); rfc822 name( ); UID( ); CN( ); DN( ); Other( )

Identification of remote endpoints by:
text string( ); DNS name( ); IP address( ); Link layer address( ); rfc822 name( ); UID( ); OID( ); Other( )

Identification of data in a hierarchy by:
text string( ); SNMP( ); UID( ); OID( ); Other( )

Authentication of users or administrators using:
passwords( ); reference to other specs( ); cryptographic algorithms( ); Other( )
What other specs:
What cryptographic algorithms:

Authentication of remote endpoints using:
passwords( ); IP addresses( ); Link Layer addresses( ); reference to other specs( ); cryptographic algorithms( ); Other( )
What other specs:
What cryptographic algorithms:

2) Protecting data while being transferred and/or stored:
Protecting data by passing it over SSL and/or TLS ( )
Protecting data by passing it over IPsec ( )
Protecting data by encoding it with PKCS-7 / CMS / S/MIME ( )
Protecting data using XML Signing and/or Encryption ( )
Protecting data defined by referencing other specs ( )
Protecting data with other cryptographic mechanisms ( )

3) Provisioning/Configuration of security information (keys, user names, system names)
By unspecified out of band mechanism ( )
Referencing another spec ( ) Which?
Specifies a protocol for doing this ( )