Re: Security Survey for wgchairs from IAB

[Rohan Mahy <rohan@cisco.com>]

Hi,

It may be useful for you to include URIs as an identifier for users and 
remote endpoints in your survey. I suspect you are trying to avoid 
"Other".

thanks,
-rohan


On Thursday, July 10, 2003, at 07:39 PM, 
Charlie_Kaufman@notesdev.ibm.com wrote:

> First let me apologize for sending this during the crunch before an 
> IETF meeting. If you don't manage to respond immediately, that's OK; 
> I'll bug you again. Possibly even in person.
>
> Jim Kempf and I were tasked with doing a survey of IETF working groups 
> to find out whether and how they are using the security mechanisms 
> coming out of the security area. The goal is to figure out whether the 
> right tools are being made available and whether how to use them is 
> being communicated. This first attempt at a survey form is designed to 
> be easy to fill out - particularly for working groups for which 
> security is not particularly relevant - so we can figure out who we 
> need to follow up with with more detailed questions.  While we would 
> encourage people to tell us as much as they feel is useful, a quick 
> and incomplete response would be helpful as well.
>
> The questions are still being debugged. Some may make no sense in some 
> contexts. Feel free to flame us about that. Your working group may be 
> working on sufficiently diverse things that it makes more sense to 
> respond separately for different work areas. If so, feel free. We 
> assume that specs talk about some representation of data and some 
> "remote" source and/or sink of that data. Not all do. Bear with us.
>
> Please send responses to ckaufman@us.ibm.com and 
> kempf@docomolabs-usa.com
>
> Thanks for your help!
>
> 1) Identification and Authentication: If the technology of this WG has 
> a concept of things it talks to or about, how are they named and 
> authenticated?
>
> Identification of users or administrators by: text string(  ); DNS 
> name(  ); rfc822 name(  ); UID(  ); CN(  ): DN(  ); Other (  )
> Identification of remote endpoints by: text string(  ); DNS name(  ); 
> IP address(  ); Link layer address(  );
>               rfc822 name(  ); UID(  ); OID(  ); Other(  )
> Identification of data in a hierarchy by: text string(  ); SNMP(  ); 
> UID(  ); OID(  ); Other(  )
>
> Authentication of users or administrators using passwords(  ); 
> reference to other specs(   ); cryptographic algorithms(   ); Other( 
>  );
>      What other specs:
>      What cryptographic algorithms:
>
> Authentication of remote endpoints using passwords(   ); IP addresses( 
>   ); Link Layer addresses(  );
>               reference to other specs(   ); cryptographic algorithms( 
>   ); Other(  )
>    What other specs:
>    What cryptographic algorithms:
>
> 2) Protecting data while being transferred and/or stored:
>
> Protecting data by passing it over SSL and/or TLS (   )
> Protecting data by passing it over IPsec (   )
> Protecting data by encoding it with PKCS-7 / CMS / S/MIME (   )
> Protecting data using XML Signing and/or Encryption (   )
> Protecting data defined by referencing other specs (   )
> Protecting data with other cryptographic mechanisms (   )
>
> 3) Provisioning/Configuration of security information (keys, user 
> names, system names)
>      By unspecified out of band mechanism (   )
>      Referencing another spec (   ) Which?
>      Specifies a protocol for doing this (   )