---------- Forwarded message ---------- Date: Mon, 15 Aug 2011 17:19:56 -0400 From: "Novikov, Lev" <lnovikov@mitre.org> Reply-To: Crypto discussion list <cryptography@randombit.net> To: "CICM Discussion List (cicm@ietf.org)" <cicm@ietf.org> Cc: "cryptography@randombit.net" <cryptography@randombit.net> Subject: [cryptography] CICM Scope (Cross-posted on the Cryptography mailing list at randombit.net) I've been doing a bit of reading based on the comments we've received. The results of the BOF at IETF 81 suggested we should broaden our scope and discuss the impact of the CICM Model, particularly Security Domain Separation, on (2 or more) existing IETF protocols. Here are the suggestions we've heard to-date (in no particular order): * IPsec (suggested by almost everyone) * TLS (via Paul Hoffman, David McGrew) * AEAD (in RFC 5116; via David McGrew) * VPN establishment crypto protocols (via Alfonso De Gregorio) * Domain Security Services (as in RFC 3183; via Alfonso De Gregorio) ** Alfonso: Can you elaborate on which protocols you had in mind regarding VPN? It seems clear that, at the very least, we should look at IPsec. Perhaps first, however, we should put together a crisper version of draft-lanz-cicm-lm "CICM Logical Model" which we can then use as the basis for analysis to address questions like: (via David McGrew) * What benefit does the CICM model provide in cases where there isn't a strict separation between security domains? * How can the CICM model operate if only one of the communicating parties uses the model? * What is the impact of having queues between plaintext and ciphertext on: - latency - jitter - retransmission timers - TCP startup time - bufferbloat * What is the impact of not providing return codes to a secure-side application sending a packet? What about "no route to host" and MTUs? * Regarding applying the CICM model to IPsec: - How would it map onto the IPsec Security Association Database? - Where do the different parts of the IPsec architecture reside? - How is information that needs to cross domains (e.g., TOS byte) handled? - How is ICMP handled? At a higher level, we could also address questions such as: * How can we further push responsibility for performing cryptography correctly into the crypto (e.g., being responsible for initialization vectors)? (via David McGrew) * How can we improve integrity guarantees between security domains or among system-level components? (via Alfonso De Gregorio) * How can we improve the practice of transmitting and storing data at mixed levels of sensitivity? (via Joe Mitola) Other ideas / questions? Are there other people / WGs we should get involved? Lev _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography