Protocol Action: 'HMAC SHA TSIG Algorithm Identifiers' to Proposed Standard

2006-03-09 Thread The IESG
The IESG has approved the following document:

- 'HMAC SHA TSIG Algorithm Identifiers '
as a Proposed Standard

This document is the product of the DNS Extensions Working Group. 

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-tsig-sha-06.txt

Technical Summary
 
   Use of the Domain Name System TSIG resource record requires
   specification of a cryptographic message authentication code.
   Currently identifiers have been specified only for the HMAC MD5
   (Message Digest) and GSS (Generic Security Service) TSIG algorithms.
   This document standardizes identifiers and implementation
   requirements for additional HMAC SHA (Secure Hash Algorithm) TSIG
   algorithms and standardizes how to specify and handle the truncation
   of HMAC values in TSIG.
 
Working Group Summary
 
   This document was produced by the DNSEXT WG.  The WG has consensus
   to publish this document as a Proposed Standard.
 
Protocol Quality
 
   This document was reviewed for the IESG by Margaret Wasserman.
   Elwyn Davies performed a very helpful review of this document
   during IETF LC.


___
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce


Protocol Action: 'Foreign Agent Error Extension for Mobile IPv4' to Proposed Standard

2006-03-09 Thread The IESG
The IESG has approved the following document:

- 'Foreign Agent Error Extension for Mobile IPv4 '
as a Proposed Standard

This document is the product of the Mobility for IPv4 Working Group. 

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-mip4-faerr-02.txt

Technical Summary
 
   This document specifies a new extension for use by Foreign Agents
   operating Mobile IP for IPv4.  Currently, a foreign agent cannot
   supply status information without destroying the ability for a mobile
   node to verify authentication data supplied by the home agent.  The
   new extension solves this problem by making a better place for the
   foreign agent to provide its status information to the mobile node.
 
Working Group Summary
 
This document was produced by the MIP4 WG.  The WG has consensus to 
publish this document as a Proposed Standard.
 
Protocol Quality
 
This document was reviewed for the IESG by Margaret Wasserman.




Document Action: 'NEMO Home Network models' to Informational RFC

2006-03-09 Thread The IESG
The IESG has approved the following document:

- 'NEMO Home Network models '
as an Informational RFC

This document is the product of the Network Mobility Working Group. 

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-nemo-home-network-models-06.txt

Technical Summary
 
   This paper documents some usage patterns and the associated issues
   when deploying a Home Network for NEMO-enabled Mobile Routers,
   conforming to the NEMO Basic Support draft [8].  The aim here is
   specifically to provide some examples of organization of the Home
   Network, as they were discussed in NEMO related mailing lists.
 
Working Group Summary
 
   This document is a product of the NEMO WG.  The WG has consensus
   to publish this document as an Informational RFC.
 
Protocol Quality
 
   This document was reviewed for the IESG by Margaret Wasserman.




WG Review: Recharter of Security Issues in Network Event Logging (syslog)

2006-03-09 Thread IESG Secretary
A modified charter has been submitted for the Security Issues in Network Event
Logging (syslog) working group in the Security Area of the IETF.
The IESG has not made any determination as yet. The modified charter is provided
below for informational purposes only. Please send your comments to the IESG
mailing list (iesg@ietf.org) by March 15th.

The IESG solicits feedback from those considering implementing or deploying
syslog on the following charter. In particular, the concern has been raised that
insufficient vendors will implement a new syslog protocol and insufficient
operators will deploy it. The IESG requests those who support this effort to
explicitly indicate their support.
If significant community support is not indicated, this work will not be
chartered.

+++

Security Issues in Network Event Logging (syslog) 


Current Status: Active Working Group

Chair(s):
Chris Lonvick <[EMAIL PROTECTED]>

Security Area Director(s):
Russ Housley <[EMAIL PROTECTED]>
Sam Hartman <[EMAIL PROTECTED]>

Security Area Advisor:
Sam Hartman <[EMAIL PROTECTED]>

Mailing Lists:

General Discussion: [EMAIL PROTECTED]
To Subscribe: [EMAIL PROTECTED]
In Body: in body: (un)subscribe
Archive: ftp://ftp.ietf.org/ietf-mail-archive/syslog/

Description of Working Group:

Syslog is a de-facto standard for logging system events. However, the protocol
component of this event logging system has not been formally documented. While
the protocol has been very useful and scalable, it has some known security
problems which were documented in the INFORMATIONAL RFC 3164.

The goal of this working group is to address the security and integrity
problems, and to standardize the syslog protocol, transport, and a select set of
mechanisms in a manner that considers the ease of migration between and the
co-existence of existing versions and the standard.

Reviews have shown that there are very few similarities between the message
formats generated by heterogeneous systems. In fact, the only consistent
commonality between messages is that all of them contain the  at the start.
Additional testing has shown that as long as the  is present in a syslog
message, all tested receivers will accept any generated message as a valid
syslog message. In designing a standard syslog message format, this Working
Group will retain the  at the start of the message and will introduce
protocol versioning. Along these same lines, many different charsets have been
used in syslog messages observed in the wild but no indication of the charset
has been given in any message. The Working Group also feels that multiple
charsets will not be beneficial to the community; much code would be needed to
distinguish and interpret different charsets.
For compatibility with existing implementations, the Working Group will allow
that messages may still be sent that do not indicate the charset used.
However, the Working Group will recommend that messages contain a way to
identify the charset used for the message, and will also recommend a single
default charset.

syslog has traditionally been transported over UDP and this WG has already
defined RFC 3195 for the reliable transport for the syslog messages. The WG will
separate the UDP transport from the protocol so that others may define
additional transports in the future.

The threats that this WG will primarily address are modification, disclosure,
and masquerading. A secondary threat is message stream modification. Threats
that will not be addressed by this WG are DoS and traffic analysis. The primary
attacks may be thwarted by a secure transport. However, it must be remembered
that a great deal of the success of syslog has been attributed to its ease of
implementation and relatively low maintenance level. The Working Group will
consider those factors, as well as current implementations, when deciding upon a
secure transport. The secondary threat of message stream modification can be
addressed by a mechanism that will verify the end-to-end integrity and sequence
of messages. The Working Group feels that these aspects may be addressed by a
dissociated signature upon sent messages.

- A document will be produced that describes a standardized syslog protocol.
A mechanism will also be defined in this document that will provide a means to
convey structured data.

- A document will be produced that describes a standardized UDP transport for
syslog.

- A document will be produced that requires a secure transport for the delivery
of syslog messages.

- A document will be produced to describe the MIB for syslog entities.

- A document will be produced that describes a standardized mechanism to sign
syslog messages to provide integrity checking and source authentication.


Milestones:

Nov 2006 Submit Syslog Protocol to the IESG for consideration as a PROPOSED
STANDARD.
Nov 2006 Submit Syslog UDP Transport Mapping to the IESG for consideration as a
PROPOSED STANDARD.
Nov 2006 Submit Syslog TLS Transport Map

List of accepted nominations for IETF appointment to ISOC BoT

2006-03-09 Thread Leslie Daigle
The procedure used by the Internet Architecture Board to select an
individual to serve a three year term as a Trustee of the Internet
Society is documented in RFC3677.

The individuals who have accepted a nomination to be a candidate in this
process this year are:

Margaret Wasserman
Patrik Faltstrom
John Klensin
Avri Doria 
Jordi Palet Martinez


Comments on these candidates may be submitted to the IAB until April 1.

The IAB will make a selection by April 5, 2006, and pass this 
selection to the Internet Engineering Steering Group for confirmation. 

Leslie,
for the IAB.
