Re: [Cfrg] Including "internal APIs" in CFRG security analysis
Colin Perkins <csp@csperkins.org> Mon, 14 October 2019 08:57 UTC
Return-Path: <csp@csperkins.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A1FA1200FF for <cfrg@ietfa.amsl.com>; Mon, 14 Oct 2019 01:57:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tP_HCvOI4rBE for <cfrg@ietfa.amsl.com>; Mon, 14 Oct 2019 01:57:22 -0700 (PDT)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D1D7120025 for <cfrg@irtf.org>; Mon, 14 Oct 2019 01:57:22 -0700 (PDT)
Received: from [81.187.2.149] (port=46760 helo=[192.168.0.66]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <csp@csperkins.org>) id 1iJwAG-0002QO-8P; Mon, 14 Oct 2019 09:57:20 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Colin Perkins <csp@csperkins.org>
In-Reply-To: <e9043999-6015-d010-b023-4cb784d4d7b9@bu.edu>
Date: Mon, 14 Oct 2019 09:57:12 +0100
Cc: cfrg <cfrg@irtf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4C74C012-9CD0-44AC-88A2-40924FFAF7F0@csperkins.org>
References: <e9043999-6015-d010-b023-4cb784d4d7b9@bu.edu>
To: "Canetti, Ran" <canetti@bu.edu>
X-Mailer: Apple Mail (2.3445.104.11)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/4HzsJdxv_4jr4mVF_p60hpF9Fn8>
Subject: Re: [Cfrg] Including "internal APIs" in CFRG security analysis
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2019 08:57:24 -0000
> On 13 Oct 2019, at 06:52, Canetti, Ran <canetti@bu.edu> wrote: > BTW, a more general thought & suggestion, while at it: > > One basic limitation of the IETF as a platform for standardizing security > of protocols is that the IETF traditionally shies away from standardizing > APIs that are “internal to endpoints”. However, it is hard to meaningfully > discuss the security of protocols/ components without pinpointing these very same > internal APIs: Need to define how other components provide inputs to the analyzed component, how > they obtain outputs from the analyzed component, and what other forms of > information exchange exist between the analyzed component and the rest of > the endpoint system (eg, shared databases). Without such determination, one cannot > meaningfully make a statement of the sort “An IETF standard is secure". > (Indeed, TLS1.* is a quintessential case where such specifications are > sorely missing from the standard.) > > > The CFRG is a good place to change (or, rather, complement) that - and the current discussion on PAKE protocols is a good a place to start: let's ask that PAKE standards (and proposals) specify how they interact with the other relevant components within each party, down to the API. This includes the APIs with TLS, with the secure session protocol, with HTTPS, with the long-term signature module, with the password store(s), etc etc… Sure - but being clear that while CFRG can describe PAKE schemes, and how they need to interact with the broader ecosystem to be secure, it’s the IETF that then translates them into standards. -- Colin Perkins https://csperkins.org/
- [Cfrg] Including "internal APIs" in CFRG security… Canetti, Ran
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Carsten Bormann
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Hannes Tschofenig
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Hannes Tschofenig
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Canetti, Ran
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Carsten Bormann
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Ira McDonald
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Colin Perkins