IETF Logo Mail Archive

Re: [atoca] New Version Notification for draft-barnes-atoca-escape-01.txt

Brian Rosen <br@brianrosen.net> Tue, 11 September 2012 18:12 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: atoca@ietfa.amsl.com
Delivered-To: atoca@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23B0A21F85B4 for <atoca@ietfa.amsl.com>; Tue, 11 Sep 2012 11:12:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rWWQH9Xftfhd for <atoca@ietfa.amsl.com>; Tue, 11 Sep 2012 11:12:35 -0700 (PDT)
Received: from barmail5.idig.net (barmail5.idig.net [64.34.111.253]) by ietfa.amsl.com (Postfix) with ESMTP id 4459A21F84B5 for <atoca@ietf.org>; Tue, 11 Sep 2012 11:12:29 -0700 (PDT)
X-ASG-Debug-ID: 1347387121-0491e5109e167cf0001-FTS53d
Received: from wwh1.winweblinux.com (wwh1.winweblinux.com [76.74.186.184]) by barmail5.idig.net with ESMTP id et3PkxM6cBoA8G2S; Tue, 11 Sep 2012 11:12:01 -0700 (PDT)
X-Barracuda-Envelope-From: br@brianrosen.net
X-Barracuda-Apparent-Source-IP: 76.74.186.184
Received: from neustargw.va.neustar.com ([209.173.53.233]:58652 helo=[192.168.133.177]) by wwh1.winweblinux.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77) (envelope-from <br@brianrosen.net>) id 1TBUwL-001Bgx-Ts; Tue, 11 Sep 2012 11:12:02 -0700
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 6.0 \(1486\))
From: Brian Rosen <br@brianrosen.net>
X-ASG-Orig-Subj: Re: [atoca] New Version Notification for draft-barnes-atoca-escape-01.txt
In-Reply-To: <886749D5-885D-471F-A0B7-32DE09C69C5E@bbn.com>
Date: Tue, 11 Sep 2012 14:11:59 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <D474DF1E-470D-4B75-AB5B-17C3471A49A9@brianrosen.net>
References: <20120911033801.16598.18619.idtracker@ietfa.amsl.com> <886749D5-885D-471F-A0B7-32DE09C69C5E@bbn.com>
To: Richard Barnes <rbarnes@bbn.com>
X-Mailer: Apple Mail (2.1486)
X-Barracuda-Connect: wwh1.winweblinux.com[76.74.186.184]
X-Barracuda-Start-Time: 1347387121
X-Barracuda-URL: http://64.34.111.253:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at idig.net
X-Barracuda-Spam-Score: 0.12
X-Barracuda-Spam-Status: No, SCORE=0.12 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=3.5 tests=CN_BODY_332
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.108251 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.12 CN_BODY_332 BODY: CN_BODY_332
Cc: atoca@ietf.org
Subject: Re: [atoca] New Version Notification for draft-barnes-atoca-escape-01.txt
X-BeenThere: atoca@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for the IETF Authority-to-Citizen Alert \(atoca\) working group." <atoca.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/atoca>, <mailto:atoca-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/atoca>
List-Post: <mailto:atoca@ietf.org>
List-Help: <mailto:atoca-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/atoca>, <mailto:atoca-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2012 18:12:37 -0000

I have reviewed this draft and have the following comments:

Overall, I think this is a helpful part in solving a large problem.  I do look forward to hearing any fallout from the discussion Art started on XML DSig, as I was unaware that there were interoperability issues with it.

The mechanism of using S/MIME, and the text describing how it is used seems clear to me.  I'm a fan of re-use, and despite the lack of support for S/MIME in some protocols that specified its use, I think here it is used appropriately and intelligently to produce an interoperable way.  I will have to go look at RFC5751to make sure we don't have any possible holes on preparing the CAP message for this process.  I get worried about trivial things like whether there must be a trailing line end at the end of the CAP message or not.

I am less enthused about the token mechanism.  There are a couple of reasons I think we need more discussion.  Let me say up front that the notion of having a trivial reject mechanism that avoids a DDoS by crypto of bad messages is a good one, so I'm more interested in finding solutions that allow us to have something like this token than in dropping it.

Forcing the alert sender to be the token inserter means there is no opportunity to have any form of transitive trust on message originators.  Using the example in the draft, a recipient would need a token list from what I expect would be a dozen U.S. federal agencies to cover what we would generically describe as a "national alert".  There is no way to have a single "U.S. Government aggregator" that could avoid this.

The token hashes have to be securely delivered to each endpoint by each originator.  This seems to me to be pretty onerous.  Clearly every endpoint has the same list of token hashes, which makes this tractable, but it does seem like a lot of mechanism will be needed to deploy.

This seems like a problem that has been solved.  What this feels like is a one time password, where the encrypt key and the decrypt keys are different.  Rather than a hash, can we really just securely pass the decrypt keys around?  Still need a hash for message integrity, but…  Maybe I'm dreaming.

I don't understand the notion (in 3.4) of allowing tokens with no signatures.  

I don't understand the notion (in 4.1) of a list of tokens.  At first, I thought that you start with a list, but choose one.  Alas, it says create a header for each of the tokens in the list.  What is that doing?

If you allow an intermediary to sign, wouldn't you want to include a token?  Would we not get back to the problem the token solves without that?  But, really, why would an intermediary sign? What would that get us?  In the past, when we have talked about intermediaries signing, it was part of a transitive trust model.  The tokens break that model.  So, if we have tokens, what is an intermediary signature used for?

Finally, I was reminded, looking at the example, why we need an area affected mechanism in some form of wrapper -- the CAP one is not processable by automatons and we need to have successive filtering on area affected to make the distribution mechanisms work.  That got me thinking of whether that, and possibly also other wrapper data needed to be protected, and thus how would it affect this mechanism.

Brian

On Sep 10, 2012, at 11:43 PM, Richard Barnes <rbarnes@bbn.com> wrote:

> Dear ATOCA,
> 
> In order to respond to the chairs' call for candidate alert format documents, we have put together a revision of draft-barnes-atoca-escape.  As you may recall from earlier versions, ESCAPE uses S/MIME to wrap a CAP document, in order to add authentication for alert originators (digital signature and "alert token").  
> 
> The changes from -00 are largely to add more explanatory text, and clarify a few things technically. We haven't translated the whole thing to JOSE (yet).  Mostly, our hope is that in reading the new version, you'll be able to envision how these secure alerts can be used to build an overall alerting system.  For example, they highlight some of the things that a discover / metadata protocol might need to provide (e.g., public keys for authorities).
> 
> Comments very welcome.  There's even a list of open questions at the front!
> 
> Thanks a lot,
> --Richard
> 
> 
> 
> On Sep 10, 2012, at 11:38 PM, internet-drafts@ietf.org wrote:
> 
>> 
>> A new version of I-D, draft-barnes-atoca-escape-01.txt
>> has been successfully submitted by Richard Barnes and posted to the
>> IETF repository.
>> 
>> Filename:	 draft-barnes-atoca-escape
>> Revision:	 01
>> Title:		 Encoding of Secure Common Alert Protocol Entities (ESCAPE)
>> Creation date:	 2012-09-11
>> WG ID:		 Individual Submission
>> Number of pages: 17
>> URL:             http://www.ietf.org/internet-drafts/draft-barnes-atoca-escape-01.txt
>> Status:          http://datatracker.ietf.org/doc/draft-barnes-atoca-escape
>> Htmlized:        http://tools.ietf.org/html/draft-barnes-atoca-escape-01
>> Diff:            http://www.ietf.org/rfcdiff?url2=draft-barnes-atoca-escape-01
>> 
>> Abstract:
>>  Recipients of emergency alerts need to be able to verify that an
>>  alert they receive was issued by an authorized source.  The Common
>>  Alerting Protocol (CAP) provides a standard way of encoding alert
>>  information, but does not provide any security features that would
>>  support authentication of alert originators.  This document describes
>>  a security wrapper for Common Alerting Protocol objects to allow
>>  alerts to be signed by alert originators.
>> 
>>  Please send feedback to the atoca@ietf.org mailing list.
>> 
>> 
>> 
>> 
>> The IETF Secretariat
>> 
> 
> _______________________________________________
> atoca mailing list
> atoca@ietf.org
> https://www.ietf.org/mailman/listinfo/atoca

v2.23.0 | Report a Bug | By Email