Re: [Cfrg] Including "internal APIs" in CFRG security analysis
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 13 October 2019 11:29 UTC
Return-Path: <prvs=518920f3dd=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73C4D120026 for <cfrg@ietfa.amsl.com>; Sun, 13 Oct 2019 04:29:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.186
X-Spam-Level:
X-Spam-Status: No, score=-4.186 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nR-hQLGn-egM for <cfrg@ietfa.amsl.com>; Sun, 13 Oct 2019 04:29:09 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92D32120024 for <cfrg@irtf.org>; Sun, 13 Oct 2019 04:29:09 -0700 (PDT)
Received: from LLE2K16-MBX03.mitll.ad.local (LLE2K16-MBX03.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTPS id x9DBT49l022082; Sun, 13 Oct 2019 07:29:04 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "Canetti, Ran" <canetti@bu.edu>, cfrg <cfrg@irtf.org>
Thread-Topic: [Cfrg] Including "internal APIs" in CFRG security analysis
Thread-Index: AQHVgYpWPNdwusWfEE6z+Hatosv6FqdYRHxggABuUAA=
Date: Sun, 13 Oct 2019 11:29:03 +0000
Message-ID: <970E3D8E-EE68-421E-8C11-5D8CA2C808D3@ll.mit.edu>
References: <e9043999-6015-d010-b023-4cb784d4d7b9@bu.edu> <VI1PR08MB53601BD61DC9AA5DDEE2D80CFA910@VI1PR08MB5360.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR08MB53601BD61DC9AA5DDEE2D80CFA910@VI1PR08MB5360.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
Content-Type: multipart/signed; boundary="Apple-Mail-DA5ED08A-60A3-4105-B1C4-57B3C5BA81A6"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-13_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910130116
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/c9QmZ3S8bdaNCFp-29cGsRIAkwE>
Subject: Re: [Cfrg] Including "internal APIs" in CFRG security analysis
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Oct 2019 11:29:13 -0000
Back in the days of SNMPv3, faced with a similar problem, we introduced a concept of ASI (Abstract Service Interface) that defined what input and output each architecture component used, and what the expected/allowed reaction was. IMHO, it served us well. Regards, Uri Sent from my iPhone > On Oct 13, 2019, at 07:25, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote: > > Hi Ran, > > I agree with you that it would be super useful to consider APIs that are internal to endpoints in security assessments. > Sometimes it may be useful to even standardize such endpoint internal APIs. > > I do, however, wonder how many people in the IETF/IRTF have insight into endpoint internal implementation details (or want to be exposed to those details). Acquiring this knowledge requires a lot of time. > In practice, this will be a showstopper. > > I believe statements like “An IETF standard is secure" is in general of little value because you still have to implement a spec, test the spec, configure the implementation, and then put it into a larger system. The IETF does not help with any of these tasks. > > Ciao > Hannes > > From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of Canetti, Ran > Sent: Sonntag, 13. Oktober 2019 07:52 > To: cfrg <cfrg@irtf.org> > Subject: [Cfrg] Including "internal APIs" in CFRG security analysis > > > BTW, a more general thought & suggestion, while at it: > > One basic limitation of the IETF as a platform for standardizing security > of protocols is that the IETF traditionally shies away from standardizing > APIs that are “internal to endpoints”. However, it is hard to meaningfully > discuss the security of protocols/ components without pinpointing these very same > internal APIs: Need to define how other components provide inputs to the analyzed component, how > they obtain outputs from the analyzed component, and what other forms of > information exchange exist between the analyzed component and the rest of > the endpoint system (eg, shared databases). Without such determination, one cannot > meaningfully make a statement of the sort “An IETF standard is secure". > (Indeed, TLS1.* is a quintessential case where such specifications are > sorely missing from the standard.) > > > The CFRG is a good place to change (or, rather, complement) that - and > the current discussion on PAKE protocols is a good a place to start: > let's ask that PAKE standards (and proposals) specify how they interact with the other relevant components within each > party, down to the API. This includes the APIs with TLS, with the secure session protocol, > with HTTPS, with the long-term signature module, with the password > store(s), etc etc… > > > Best, Ran > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Including "internal APIs" in CFRG security… Canetti, Ran
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Carsten Bormann
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Hannes Tschofenig
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Hannes Tschofenig
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Canetti, Ran
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Carsten Bormann
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Ira McDonald
- Re: [Cfrg] Including "internal APIs" in CFRG secu… Colin Perkins