headers
Russ Housley | 7 Dec 2004 23:09

Minutes from SAAG session at IETF 61

Security Area Advisory Group (SAAG)
IETF 61, Washington, DC
Minutes compiled by Paul Hoffman and Russ Housley

Introduction

   Russ Housley introduced the incoming AD: Sam Hartman.  Steve Bellovin
   recently stepped down, and Sam is replacing him.

   Russ will be the shepherd for the following working groups:

	enroll
	ipsec
	ipsp
	ltans
	mobike
	msec
	pki4ipsec
	pkix
	smime
	tls

   Sam will be the shepherd for the following working groups:

	idwg
	inch
	isms
	kink
	kitten
	krb-wg
(Continue reading)

Permalink | Reply | 2 comments |
headers
Sam Hartman | 8 Dec 2004 11:00
Picon
Favicon

Re: Minutes from SAAG session at IETF 61


I'd recommend adding to the section discussing open mic:

Several people discussed requirements of security mechanisms to
achieve positive deployment experience.  There seemed to be general
agreement among participants in the discussion that security protocols
that can fit into whatever existing credential infrastructures are
available have had better deployment experience than protocols that
require a new credential infrastructure.  Participants also agreed
that it is desirable to create security protocols that can work with a
variety of credential infrastructures.  However, there are some environments,
like the global DNS, where a single solution is required.
Permalink | Reply | 1 comment |
headers
Jeff Williams | 9 Dec 2004 05:17
Picon

Re: Minutes from SAAG session at IETF 61

Sam and all,

  Why does the global DNS as you put it, require a single solution?
In fact as the DNS changes, and/or evolves and grows, it would seem
illogical that a single solution, or one size fits all, would be workable
and/or viable..

  A protocol interface, that could interface or support multiple
security protocols would be a much more flexible and logical
approach as to addressing the global DNS as it evolves/changes...

Sam Hartman wrote:

> I'd recommend adding to the section discussing open mic:
>
> Several people discussed requirements of security mechanisms to
> achieve positive deployment experience.  There seemed to be general
> agreement among participants in the discussion that security protocols
> that can fit into whatever existing credential infrastructures are
> available have had better deployment experience than protocols that
> require a new credential infrastructure.  Participants also agreed
> that it is desirable to create security protocols that can work with a
> variety of credential infrastructures.  However, there are some environments,
> like the global DNS, where a single solution is required.
> _______________________________________________
> saag mailing list
> saag <at> mit.edu
> https://jis.mit.edu/mailman/listinfo/saag

Regards,
(Continue reading)

Permalink | Reply | 0 comments |

Gmane