Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Top Concern for New IETF Chair

Posted by CowboyNeal on from the into-the-hot-seat dept.

BobB writes "New IETF chair Russ Housley speaks out about bolting security on after the fact, the prospects for IPv6 and a new security technology called Hokey that could help safeguard wireless and wired networks."

9 of 54 comments (clear)

  1. Re:chair? by Anonymous Coward · · Score: 2, Funny

    How about throwability? You never now when you have to fucking kill somebody.

  2. Huh? by khasim · · Score: 3, Insightful

    Do IETF participants have the will to go back and fix insecure parts of the Internet? For example, everyone knows about the lack of security in HTTP, but there seems little will within the IETF to fix the HTTP authentication problem.

    That's because in the case of HTTP, and I suspect in many others, there's little agreement about what's the most important security feature to add. When you say that we'll just fix the most egregious things, then you get into an argument about where to draw the line. In the case of HTTP, the biggest concern is authentication and that is primarily solved by [Transport Layer Security]. Why not mandate TLS? That's a very good question.

    Why "mandate" anything? People who want to run a site with encrypted communications CAN run a site with encrypted communications. Come on people! HTTPS.

    Pretty much a fluff piece. It seems that the interviewer only had some buzzwords and a vague feeling that something was somehow insecure.
    1. Re:Huh? by caluml · · Score: 4, Insightful

      I think a large part of why more people don't use HTTPS is because a:, the certificate problem, and b:, the fact you can't use named based virtual hosts if you do.

      --
      Get your own free personal location tracker
    2. Re:Huh? by TheRaven64 · · Score: 2, Informative

      the fact you can't use named based virtual hosts if you do. By the way, there is an RFC describing a STARTTLS-like extension for HTTP. You first connect, then you specify the hostname of the server you want, and complete the TLS handshake. This is the same system used for XMPP, SMTP, and IMAP for virtual hosts.
      --
      I am TheRaven on Soylent News
    3. Re:Huh? by Zeinfeld · · Score: 3, Informative
      Actually he *is* talking about HTTPS, TLS is the successor to SSL it came about because the MD5 & SHA-1 algorithms have been "technically" compromised.

      TLS is the successor to SSL but that is not the reason that the spec came about. The MD5 compromise came after the work was already started.

      The work started when Microsoft sumbitted their Transport Layer Security protocol to the IETF as a standards proposal. Up to that point Netscape had attempted to keep SSL as a proprietary specification under their control. Which was not too popular with those of us who had broken SSL 1.0 without any difficulty and then been completely ignored in the design of SSL 2.0, which was also botched.

      Sometime after the group began to start up Netscape came out with SSL 3.0 which had been extensively reworked by Paul Kocher and Netscape offered to release change control to the IETF. Microsoft agreed since that is all they had actually wanted all along. The only thing that was really changed in the end was the name and the ciphersuite options.

      BTW its not surprising that Russ thinks security is the major challenge, he was until recently the security area director. Before that he was chair of the S/MIME working group.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  3. Security Top Concern for IETF chair? by Graywolf · · Score: 3, Funny

    Where can I get one of these secure chairs?

  4. Security Top Concern for New IETF Chair by caluml · · Score: 2, Funny

    Security Top Concern for New IETF Chair

    It suddenly collapses when sat on?

    --
    Get your own free personal location tracker
  5. Please stop with the cutesy names! by pongo000 · · Score: 2, Interesting

    Gimp...Pidgin...and now...

    Hokey?

    Hokey?

    I don't know about the rest of the world, but here in the US "hokey" is used to refer to something artificial, contrived, fake. I certainly don't want to trust the security of my systems to something that's contrived.

    Geez, more proof that intelligence and common sense aren't necessarily bed partners...

  6. IPv6 and IPsec by Skapare · · Score: 2, Informative

    IPsec works over IPv4. IPv4 works without IPsec. I haven't found anyone (yet) that has gotten IPsec over IPv6 (I'm not talking about IPv6 tunneled over IPsec protected IPv4) to actually work on Linux or BSD. Surely someone has. But Google turns up a number of reports of problems that go unresolved and unanswered (except in one case people reporting they also cannot get it to work). I've only been spending a couple weeks trying to get it to at least establish a security association between 2 machines.

    Which protocol to scrap and start over? Or is it just bad implementation? If we can at least get this working, IPv6 might be considered ready to go.

    --
    now we need to go OSS in diesel cars