IETF sec - 1 Security Work in the IETF Scott Bradner Harvard University


1 Security Work in the IETF
Scott Bradner, Harvard University
sob@harvard.edu

2 Syllabus
- IETF security “rules”
- security at the IP layer
- security above the IP layer
- key distribution
- applications
- summary

3 IETF Security Rules
- all RFCs must have a meaningful (in context) Security Considerations section
  - not always the case with old RFCs
- most IETF charters say that security must be addressed as a basic issue
- security ADs carefully review security issues with documents offered for publication as RFCs
- note: “security” includes integrity, confidentiality, privacy, scalability, reliability, ...

4 IETF Security Rules, contd.
- most applications must have a mandatory-to-implement security option
  - can negotiate alternatives
- working group can not assume that the technology will be only used in a confined environment
  - e.g., IP storage - not just the glass house anymore
- authentication & confidentiality must be addressed
- can not overload TCP port 80
  - can not piggyback on the web getting through a firewall
  - by the way, RFC 3093 is a joke

5 Security at the IP Layer
- IPsec
  - IETF packet-level authentication & encryption
- best implemented in OS kernel
- can provide protection to all applications
  - can live under legacy applications
- mostly used in VPN applications and between firewall products

6 Security above Transport
- SSL/TLS
  - TLS: IETF “Transport Layer Security” protocol
- can be implemented in an application
  - does not require OS support
  - comes from history - Netscape could not depend on OS
- perhaps the most used security technology on the Internet
  - used by browsers every day to do commerce on the Internet

7 SSL/TLS, contd.
- integration into browser makes it invisible to end-users
  - this is a Good Thing ™
- TLS is “good enough” to have displaced “better” solutions
  - e.g., Secure Electronic Transaction (SET) standard designed by Visa and Mastercard

8 Key Distribution, a Big Problem
- “big” in that it requires infrastructure
  - infrastructure is hard to deploy
- IETF PKIX Group is profiling X.509 for use in the Internet
  - largest user: TLS
- DNS Security may also be used for Key Distribution some day
  - problems deploying it so far
- will DNS be our Key Management System or will PKIX?
  - jury still out

9 Applications
- secure mail: S/MIME & PGP/MIME
  - Key Distribution is still a problem
  - user applications are available, but hard to use
  - hope to see some real deployment as people realize the need to secure email
- S/MIME & TLS used to secure IETF VoIP signaling
- TLS used for many applications
  - PKIX, LDAP, BEEP, SASL, L2TP, SMTP, ...

10 Summary & Problems
- IETF demands “good” security
- standard development community is reluctant sometimes
- users seen as not wanting security
  - tell that to the feds

