IETF Logo Mail Archive

Re: [Add] [Ext] Updated charter proposal for ADD

Ted Lemon <mellon@fugue.com> Wed, 15 January 2020 15:47 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FB97120850 for <add@ietfa.amsl.com>; Wed, 15 Jan 2020 07:47:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yXH8wp06rk4Z for <add@ietfa.amsl.com>; Wed, 15 Jan 2020 07:47:45 -0800 (PST)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CE3B12085F for <add@ietf.org>; Wed, 15 Jan 2020 07:46:57 -0800 (PST)
Received: by mail-qt1-x834.google.com with SMTP id i13so16145252qtr.3 for <add@ietf.org>; Wed, 15 Jan 2020 07:46:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=bgEZ0Z2J8SbjGxUVR5+XqXvfRbmFvWuSfnL38wn0UhE=; b=xUG2aGO1HiOpqS6OfXFiJ5eQKj1cKC7Fs2wfxndLJdLnW7NCmpMi7MaslHH+3FC9a8 XisX70Pc3/4KJ5tQ5KYfCaMr+MOb//O/jZPdy8SM57C/jUKWg30UDwqoySdJbN+AOQ+R ccAcCRHNs7cX5wuZwMgNMKRkYI0AYEoh4ty5/dQtlHV/dYU9d0jCnWqZgpUJyUBM6qTG ALZt4GxWRB10k2hgcJgmSez/jmekNdAF36tQ4lkmSrVTzaJZkwKUS4g0BV8PmfAIN9Ts fmVAZARZsFvsk/XlIXSnkcnWR6n8pgWCUxEmT8I06n5lx1wq6w4uMXT3UxZzZSdwHe14 5VOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=bgEZ0Z2J8SbjGxUVR5+XqXvfRbmFvWuSfnL38wn0UhE=; b=eUQ2jBywa00uEGtkBf677I8G/T0Wb+NemS4amBEqf1GKMe8W9HBN50rDmjomBVN0zN 8DYbZpSWjUJj5BALRUmVYGDn0slR1e7sN91tNySFcifF0+Rh6BGynWXorJ2maV+t1Ew4 z1JSWFDFtgllggqCnYJ1dUlrFlKuh+N7ytEBRPlmJJSWLOw6gvwRoh9xZVKE0/of0K7i OchPjY7mwzzudHUpzOFCEP27VKDhCP2ZB9z1o9OkAZGQskMfbCffSnSdrUcSeTmmJUgY x8r9OQ4mcL5WwOMnAqFCvehL/F2bfIpQ9UJi6J0aBeW+42aNcengl7+3H6rZISMuSHR9 UwpQ==
X-Gm-Message-State: APjAAAUHVVuyb4WG4D/rtyQauPPituUlihGZ7bVZSff7K6iLBDjKzMWQ 1htwATdjK4GPU/z0jD1dQ63kTDCek4QqIw==
X-Google-Smtp-Source: APXvYqyfCe1VdOrSdHlBYShhqGi9WOQsUDdxQfH5KiGumzYC+18ARJkZBJXQ79KyXYE0rv/u+zifxg==
X-Received: by 2002:ac8:c4f:: with SMTP id l15mr4109024qti.177.1579103216258; Wed, 15 Jan 2020 07:46:56 -0800 (PST)
Received: from ?IPv6:2601:18b:300:36ee:e407:5057:2d90:873e? ([2601:18b:300:36ee:e407:5057:2d90:873e]) by smtp.gmail.com with ESMTPSA id u4sm8467221qkh.59.2020.01.15.07.46.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 15 Jan 2020 07:46:55 -0800 (PST)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <66C24EE6-5C7B-4788-AE26-06B900915010@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_22EDCF39-6333-4DC3-9F8E-9D67BA5941CF"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.4\))
Date: Wed, 15 Jan 2020 10:46:54 -0500
In-Reply-To: <AD6E599F-96E8-44FC-8A05-8BFD2F659129@icann.org>
Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, ADD Mailing list <add@ietf.org>
To: Paul Hoffman <paul.hoffman@icann.org>
References: <236B0A34-8C7F-49D2-8075-5AF5AC35BDFB@apple.com> <AD6E599F-96E8-44FC-8A05-8BFD2F659129@icann.org>
X-Mailer: Apple Mail (2.3608.80.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/nbDq85DOtcEuy2L1vicH0DkpEms>
Subject: Re: [Add] [Ext] Updated charter proposal for ADD
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jan 2020 15:47:54 -0000

On Jan 15, 2020, at 10:13 AM, Paul Hoffman <paul.hoffman@icann.org> wrote:
> Any mechanisms that specify interactions between clients and
> servers must provide the security properties expected of IETF
> protocols, e.g., confidentiality protection, integrity protection,
> and authentication with strong work factor.
> 
> Any mechanism whose understanding of the network and network services comes from interactions that were not cryptographically authenticated (such as DHCP and RA) cannot meet those requirements.

Rather than just deleting this text, which I agree is probably not what we want, how about fixing it?

Any specification must include a clear and thorough discussion of the privacy and security implications of using the method or methods it describes.  Methods where a mechanism that cannot be cryptographically validated for integrity or which do not provide a cryptographically validatable trust establishment mechanism will clearly describe the use case(s) in which such an override is thought to be needed, should have a clear applicability statement limiting the scope of the specification to those use case(s), and should clearly describe the risks and benefits of such a choice.

The first sentence is unnecessary since this is what is expected in the IETF anyway, but it sets the stage for the sentences that follow.   The point of this is not to prevent the WG specifying methods that can’t be cryptographically validated for integrity and/or trust, but rather to make it clear that such a specification would not be in charter if it didn’t meet the stated requirements.

v2.23.0 | Report a Bug | By Email