attachment-0001

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=windows-1252"> <META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD> <BODY> <DIV>Hi all,</DIV> <DIV> </DIV> <DIV>I have just received the following request to the WG to classify the security features supported in our protocol according to the schema/questions below.</DIV> <DIV> </DIV> <DIV>I assume we need to give a little more details than just stating that we support SSL/TLS.</DIV> <DIV> </DIV> <DIV>Can somebody help me out with this so we get it rigth? We should then run the proposed answer on the IPP DL before sending it back to the IETF, so that we know we all agree on the content.</DIV> <DIV> </DIV> <DIV>Carl-Uno</DIV> <DIV> </DIV> Carl-Uno Manros 700 Carnegie Street #3724 Henderson, NV 89052, USA Tel +1-702-617-9414 Fax +1-702-617-9417 Mob +1-702-525-0727 Email carl@manros.com Web    www.manros.com <DIV> </DIV> <DIV class=OutlookMessageHeader>-----Original Message----- From: owner-wgchairs@ietf.org [mailto:owner-wgchairs@ietf.org] On Behalf Of Charlie_Kaufman@notesdev.ibm.com Sent: Thursday, July 10, 2003 7:40 PM To: wgchairs@ietf.org Subject: Security Survey for wgchairs from IAB </DIV> First let me apologize for sending this during the crunch before an IETF meeting. If you don't manage to respond immediately, that's OK; I'll bug you again. Possibly even in person. Jim Kempf and I were tasked with doing a survey of IETF working groups to find out whether and how they are using the security mechanisms coming out of the security area. The goal is to figure out whether the right tools are being made available and whether how to use them is being communicated. This first attempt at a survey form is designed to be easy to fill out - particularly for working groups for which security is not particularly relevant - so we can figure out who we need to follow up with with more detailed questions.  While we would encourage people to tell us as much as they feel is useful, a quick and incomplete response would be helpful as well. The questions are still being debugged. Some may make no sense in some contexts. Feel free to flame us about that. Your working group may be working on sufficiently diverse things that it makes more sense to respond separately for different work areas. If so, feel free. We assume that specs talk about some representation of data and some "remote" source and/or sink of that data. Not all do. Bear with us. Please send responses to ckaufman@us.ibm.com and kempf@docomolabs-usa.com Thanks for your help! 1) Identification and Authentication: If the technology of this WG has a concept of things it talks to or about, how are they named and authenticated? Identification of users or administrators by: text string(  ); DNS name(  ); rfc822 name(  ); UID(  ); CN(  ): DN(  ); Other (  ) Identification of remote endpoints by: text string(  ); DNS name(  ); IP address(  ); Link layer address(  );               rfc822 name(  ); UID(  ); OID(  ); Other(  ) Identification of data in a hierarchy by: text string(  ); SNMP(  ); UID(  ); OID(  ); Other(  ) Authentication of users or administrators using passwords(  ); reference to other specs(   ); cryptographic algorithms(   ); Other(  );      What other specs:      What cryptographic algorithms: Authentication of remote endpoints using passwords(   ); IP addresses(   ); Link Layer addresses(  );               reference to other specs(   ); cryptographic algorithms(   ); Other(  )    What other specs:    What cryptographic algorithms: 2) Protecting data while being transferred and/or stored: Protecting data by passing it over SSL and/or TLS (   ) Protecting data by passing it over IPsec (   ) Protecting data by encoding it with PKCS-7 / CMS / S/MIME (   ) Protecting data using XML Signing and/or Encryption (   ) Protecting data defined by referencing other specs (   ) Protecting data with other cryptographic mechanisms (   ) 3) Provisioning/Configuration of security information (keys, user names, system names)      By unspecified out of band mechanism (   )      Referencing another spec (   ) Which?      Specifies a protocol for doing this (   ) </BODY></HTML>