Draft-ietf-rddp-security-05 Status & Summary of outstanding issues November 8, 2004

1. Draft-ietf-rddp-security-05Status & Summary of outstanding issues November 8, 2004 Jim Pinkerton

2. Actions since the last IETF • Quickly iterated through -03, -04, -05 • Changed the draft to be standards track • Moved RECOMMENDED to MUST/MAY, etc • Had two con-calls reviewing changes • Resolved several TBDs • “ULPs which provide security” resolved with xref to channel bindings • Punted on ref to SCTP/TCP on connection hijacking – there is none • Finished summary tables of attacks in appendix • New or substantially revised Appendices • Summary of normative mitigations for RNIC and for ULP • Complete rewrite of Client/Server protocol concerns • Finished going through Tom Talpey’s comments

3. Major New Normative Statements • Too many new normative statements to list here. Most are changing RECOMMENDED to Must/May, etc. • IPsec is normative (must implement, opt to use). • Deleted most of existing text and made normative cross ref to sections RFC3723 • Resource manager • MUST be used if a scarce resource • It MUST NOT assume shared partial mutual trust

4. Planned changes in -06 draft • Very small changes needed to address remaining TBDs • Main concern is review of substantial changes since August IETF. • Resolve TBD’s • section “Remote Peer Attacking a Shared CQ” – need to talk about non-shared CQ • Recommend adding a new attack/resolution • Appendix A: Client/Server Protocols using a shared CQ • Solution is straightforward, just ran out of time.

5. IETF Security Draft Status • Security Draft • No outstanding issues, except for review is due from some folks • Primarily concern is Client/Server Appendix • -06 version didn’t make it before the blackout (extremely minor cleanup)