Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Iljitsch van Beijnum
On 25 mrt 2008, at 16:10, Dan Wing wrote: ... And yes, the issues I referred to are DoS and TCP spoofing. These can only be protected against at the network level. What are your thoughts on DTLS's DoS and spoofing protection? Looks like this is mostly similar to IPsec except that the port

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Eric Rescorla
At Wed, 26 Mar 2008 13:25:20 +0100, Iljitsch van Beijnum wrote: On 25 mrt 2008, at 16:10, Dan Wing wrote: ... And yes, the issues I referred to are DoS and TCP spoofing. These can only be protected against at the network level. What are your thoughts on DTLS's DoS and spoofing

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Iljitsch van Beijnum
On 26 mrt 2008, at 14:36, Eric Rescorla wrote: - Modern cryptographic implementations are extremely fast. For comparison the MacBook Air I'm typing this on will do order 10^6 HMAC-MD5s/second on 64-byte packets. So, to consume all my resources would require order 10^8 bits per second,

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Eric Rescorla
At Wed, 26 Mar 2008 15:01:21 +0100, Iljitsch van Beijnum wrote: On 26 mrt 2008, at 14:36, Eric Rescorla wrote: - Modern cryptographic implementations are extremely fast. For comparison the MacBook Air I'm typing this on will do order 10^6 HMAC-MD5s/second on 64-byte packets. So, to

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Eric Rescorla
At Wed, 26 Mar 2008 07:32:41 -0700, Eric Rescorla wrote: At Wed, 26 Mar 2008 15:01:21 +0100, Iljitsch van Beijnum wrote: On 26 mrt 2008, at 14:36, Eric Rescorla wrote: - Modern cryptographic implementations are extremely fast. For comparison the MacBook Air I'm typing this on

Usability RE: Write an RFC Was: experiments in the ietf week

2008-03-25 Thread Hallam-Baker, Phillip
would make it incumbent on us to fix the same problems in our protocols. -Original Message- From: Patrik Fältström [mailto:[EMAIL PROTECTED] Sent: Mon 24/03/2008 10:30 PM To: Hallam-Baker, Phillip Cc: Russ Housley; IETF Discussion Subject: Re: Write an RFC Was: experiments in the ietf

Re: Write an RFC Was: experiments in the ietf week

2008-03-25 Thread Andrew G. Malis
Phillip does have a point regarding 802.1x authentication, which is typically used to authenticate the user to the service, and not vice versa. Conceivably a person could set up an evil access point that advertises the same beacon as the official access points, and has 802.1x enabled to accept the

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-25 Thread Iljitsch van Beijnum
On 24 mrt 2008, at 18:58, Jari Arkko wrote: Now, if we had a proposal that turned IPsec into as easily deployable between random clients and known servers as TLS, I would be interested in a new experiment! But I did not see a proposal for that yet. Maybe time for that draft that Phillip

RE: Write an RFC Was: experiments in the ietf week

2008-03-25 Thread Hallam-Baker, Phillip
: Re: Write an RFC Was: experiments in the ietf week Phillip does have a point regarding 802.1x authentication, which is typically used to authenticate the user to the service, and not vice versa. Conceivably a person could set up an evil access point that advertises the same beacon as the official

RE: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-25 Thread Dan Wing
Iljitsch van Beijnum wrote: ... And yes, the issues I referred to are DoS and TCP spoofing. These can only be protected against at the network level. What are your thoughts on DTLS's DoS and spoofing protection? -d

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-25 Thread Ned Freed
On 24 mrt 2008, at 18:58, Jari Arkko wrote: Now, if we had a proposal that turned IPsec into as easily deployable between random clients and known servers as TLS, I would be interested in a new experiment! But I did not see a proposal for that yet. Maybe time for that draft that Phillip

Re: experiments in the ietf week

2008-03-25 Thread Eric Rescorla
At Mon, 24 Mar 2008 15:17:56 +0100, Iljitsch van Beijnum wrote: On 19 mrt 2008, at 1:46, Eric Rescorla wrote: A more interesting experiment would be to do away with SSL for a bit and use IPsec instead. Why would this be either interesting or desirable? SSL is vulnerable to more

Re: experiments in the ietf week

2008-03-24 Thread Iljitsch van Beijnum
On 19 mrt 2008, at 1:46, Eric Rescorla wrote: A more interesting experiment would be to do away with SSL for a bit and use IPsec instead. Why would this be either interesting or desirable? SSL is vulnerable to more attacks than IPsec and IPsec is more general than SSL. As such it would be

Re: experiments in the ietf week

2008-03-24 Thread Iljitsch van Beijnum
On 16 mrt 2008, at 21:42, Henrik Levkowetz wrote: ... Nearly all IETF mailing lists are still hosted on IPv4-only servers, to name just one issue. Umm... At this time, most IETF mailing lists are hosted on mail.ietf.org a.k.a. www.ietf.org, which is IPv6 enabled. (The numbers I have for

Re: experiments in the ietf week

2008-03-24 Thread Marc Manthey
Umm... At this time, most IETF mailing lists are hosted on mail.ietf.org a.k.a. www.ietf.org, which is IPv6 enabled. (The numbers I have for active WGs are that 90 out of 120 lists are hosted on ietf.org). I can't really reconcile that with your statement above. Could you expand on your

Re: experiments in the ietf week

2008-03-24 Thread Joe Abley
On 24 Mar 2008, at 11:18 , Marc Manthey wrote: hello ipv6 peoples, sorry for crossposting how can i use ipv6 from my machine ? using leopard 10.5.2. mail ? my endpoint is 2001:6f8:1051:0:20d:93ff:fe79:f1e thought its automatic :-P I think you just need to make sure that the servers

RE: experiments in the ietf week

2008-03-24 Thread Hallam-Baker, Phillip
10:17 AM To: Eric Rescorla Cc: Mark Andrews; Jari Arkko; IETF Discussion; Kurt Erik Lindqvist Subject: Re: experiments in the ietf week On 19 mrt 2008, at 1:46, Eric Rescorla wrote: A more interesting experiment would be to do away with SSL for a bit and use IPsec instead. Why would

Write an RFC Was: experiments in the ietf week

2008-03-24 Thread Hallam-Baker, Phillip
Enough, already. If we are going to have experiments in IETF week then let's do the thing right and have a process. In particular - Proposer MUST write an Internet Draft prior to the experiment stating: 1) Purpose - the information to be obtained 2) Method - what is to be done 3) Resources

TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-24 Thread Jari Arkko
Phillip, Iljitsch, If you believe that there is an attack that SSL is vulnerable to you should bring it up in TLS. I think Iljitsch meant that TLS cannot protect against TCP vulnerabilities, such as spoofed connection resets. This is obviously well known. The upside of TLS has of course been

Re: Write an RFC Was: experiments in the ietf week

2008-03-24 Thread Jari Arkko
Phillip, write an Internet Draft prior to the experiment, +1 *IPv6 Next Steps* The Philadelphia IPv6 outage tested one specific aspect of the transition - is there an IPv6 network on the other side to connect to in due course, is it possible to run a pure IPv6 network? I think that

Re: Write an RFC Was: experiments in the ietf week

2008-03-24 Thread Russ Housley
Phillip: Have you tried the SSID at the IETF meetings that is configured to make use of 802.1x? Russ At 01:49 PM 3/24/2008, Hallam-Baker, Phillip wrote: Secure WiFi Connection I would like to see some demonstration of the fact that the default WiFi configuration on all existing platforms

RE: Write an RFC Was: experiments in the ietf week

2008-03-24 Thread Hallam-Baker, Phillip
Well I would submit that there is a major problem there on the security usability front. Don't make me think. My tolerance for network configuration is vastly greater than the typical user. This has to all just work, just like my Apple Mac did on the home network the day I bought it. Not

RE: Write an RFC Was: experiments in the ietf week

2008-03-24 Thread Hallam-Baker, Phillip
. I have no trust anchor. -Original Message- From: Russ Housley [mailto:[EMAIL PROTECTED] Sent: Mon 24/03/2008 3:22 PM To: Hallam-Baker, Phillip Cc: IETF Discussion Subject: Re: Write an RFC Was: experiments in the ietf week Phillip: Have you tried the SSID at the IETF meetings

Re: Write an RFC Was: experiments in the ietf week

2008-03-24 Thread Patrik Fältström
On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote: I am willing to have a go at it next time round but only if I have some idea what I am expected to have on my machine and what authentication indicata I am to expect. As it stands there is no way for me to evaluate an authentic or

Re: experiments in the ietf week

2008-03-19 Thread Mark Andrews
At Sun, 16 Mar 2008 19:44:12 +0100, Iljitsch van Beijnum wrote: On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Is there any software out there for common OSes that does

Re: experiments in the ietf week

2008-03-19 Thread Eric Rescorla
At Wed, 19 Mar 2008 22:59:52 +1100, Mark Andrews wrote: At Sun, 16 Mar 2008 19:44:12 +0100, Iljitsch van Beijnum wrote: On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC

Re: experiments in the ietf week

2008-03-19 Thread Jari Arkko
Eric, I was referring to Iljitsch's suggestion about SSL and IPsec, not the suggestion about DNSSEC. Yes. FWIW, I don't think that would be interesting. DNSSEC experiments by itself might be interesting, particularly if they could be combined with some movement in getting the root signed.

Re: experiments in the ietf week

2008-03-19 Thread Hannes Tschofenig
Hi Jari, we have already started to do the same with other protocols in GEOPRIV. See http://www.ietf.org/mail-archive/web/geopriv/current/msg05453.html http://www.ietf.org/mail-archive/web/geopriv/current/msg05468.html http://www.ietf.org/mail-archive/web/geopriv/current/msg05472.html Ciao Hannes

Re: experiments in the ietf week

2008-03-19 Thread Jari Arkko
Yes, that's excellent. In particular, I like your approach of making things available for the IETF crowd, delivered by the folks who are also delivering the standards. Jari

Re: experiments in the ietf week

2008-03-18 Thread Eric Rescorla
At Sun, 16 Mar 2008 19:44:12 +0100, Iljitsch van Beijnum wrote: On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Is there any software out there for common OSes that does something

Re: experiments in the ietf week

2008-03-16 Thread Iljitsch van Beijnum
On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Is there any software out there for common OSes that does something useful with this? A more interesting experiment would be to do away

Re: experiments in the ietf week

2008-03-16 Thread Henrik Levkowetz
Hi Iljitsch, On 2008-03-16 19:44 Iljitsch van Beijnum said the following: ... Nearly all IETF mailing lists are still hosted on IPv4-only servers, to name just one issue. Umm... At this time, most IETF mailing lists are hosted on mail.ietf.org a.k.a. www.ietf.org, which is IPv6 enabled.

Re: experiments in the ietf week

2008-03-16 Thread Mark Andrews
On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Is there any software out there for common OSes that does something useful with this? Yes. It is also useful in its own

Re: experiments in the ietf week

2008-03-15 Thread Russ Housley
Jari: Challenge for our IT folks: Internationalized Internet Drafts, including file names. Doable? Six or seven years ago we had a big discussion regarding the language(s) to be used in the IETF. Harald was IETF Chair when this discussion took place, and he declared the consensus to be

Re: experiments in the ietf week

2008-03-15 Thread Kurt Erik Lindqvist
On 14 mar 2008, at 13.01, Jari Arkko wrote: We should also implement future IPv6 experiments and network deployments. But why I'm really sending this e-mail is to suggest that IPv6 might not be the only topic for such future efforts. Here's a challenge for the RAI folks: What about

Re: experiments in the ietf week

2008-03-15 Thread Brian E Carpenter
On 2008-03-16 02:09, Russ Housley wrote: Jari: Challenge for our IT folks: Internationalized Internet Drafts, including file names. Doable? Six or seven years ago we had a big discussion regarding the language(s) to be used in the IETF. Harald was IETF Chair when this discussion

Re: experiments in the ietf week

2008-03-15 Thread Mark Andrews
Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]

Re: experiments in the ietf week

2008-03-14 Thread Fred Baker
On Mar 14, 2008, at 8:01 AM, Jari Arkko wrote: Challenge for our IT folks: Internationalized Internet Drafts, including file names. Doable? It's doable, no doubt. The next question is whether this is actually smart. The Finnish character set is something I can deal with, although my

Re: experiments in the ietf week

2008-03-14 Thread Julian Reschke
Fred Baker wrote: On Mar 14, 2008, at 8:01 AM, Jari Arkko wrote: Challenge for our IT folks: Internationalized Internet Drafts, including file names. Doable? It's doable, no doubt. The next question is whether this is actually smart. The Finnish character set is something I can

Re: experiments in the ietf week

2008-03-14 Thread Richard Barnes
As some of you might have noticed, some GEOPRIV participants ran a small experiment, using the IETF network as a base for location-based services. We had a few folks try it, and learned a lot, but three main things: 1. Interworking with the IETF NOC was really pleasant (Thanks, guys!) 2.