Re: [core] Review of draft-hartke-core-e2e-security-reqs-01
Klaus Hartke <hartke@tzi.org> Wed, 03 August 2016 15:25 UTC
Return-Path: <hartke@tzi.org>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D878412D192 for <core@ietfa.amsl.com>; Wed, 3 Aug 2016 08:25:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jIx-_g5Ou5T0 for <core@ietfa.amsl.com>; Wed, 3 Aug 2016 08:25:40 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E8A512DC86 for <core@ietf.org>; Wed, 3 Aug 2016 08:23:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id u73FNZGw002242 for <core@ietf.org>; Wed, 3 Aug 2016 17:23:35 +0200 (CEST)
Received: from mail-wm0-f42.google.com (mail-wm0-f42.google.com [74.125.82.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3s4H0706B4zDDHk for <core@ietf.org>; Wed, 3 Aug 2016 17:23:35 +0200 (CEST)
Received: by mail-wm0-f42.google.com with SMTP id o80so341620408wme.1 for <core@ietf.org>; Wed, 03 Aug 2016 08:23:35 -0700 (PDT)
X-Gm-Message-State: AEkoouuVWJCFAoidtoDEvv7iPhFfpMfFhj55LtipPnBrirHGkQEdzoNFNXvO4HzN4CdAXKVTgXoCDQN3IKzgqA==
X-Received: by 10.194.82.99 with SMTP id h3mr9301652wjy.9.1470237813620; Wed, 03 Aug 2016 08:23:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.86.200 with HTTP; Wed, 3 Aug 2016 08:22:53 -0700 (PDT)
In-Reply-To: <036801d1ed09$507ef080$f17cd180$@augustcellars.com>
References: <036801d1ed09$507ef080$f17cd180$@augustcellars.com>
From: Klaus Hartke <hartke@tzi.org>
Date: Wed, 03 Aug 2016 17:22:53 +0200
X-Gmail-Original-Message-ID: <CAAzbHvbUW5ZAh2EQ2e-L-VRyFL-V_D+sA9G1jR6pf5h=kVJWFQ@mail.gmail.com>
Message-ID: <CAAzbHvbUW5ZAh2EQ2e-L-VRyFL-V_D+sA9G1jR6pf5h=kVJWFQ@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Qn6KJHWJw4JpMbD5-DTTVb2xc9k>
Cc: draft-hartke-core-e2e-security-reqs@tools.ietf.org, "core@ietf.org WG" <core@ietf.org>
Subject: Re: [core] Review of draft-hartke-core-e2e-security-reqs-01
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2016 15:25:45 -0000
Hi Jim,
thanks a lot for your review. Comments inline below.
Klaus
Jim Schaad wrote:
> 1. Note that the title of the COSE document has changed you should pick
> that up.
Fixed.
> 2. Section 2.1.1 - Should "client receives a response" include
>
> * (Threat ?) The proxy returns a stale or outdated response based on
> data it previously obtained from the origin server or some fourth party.
>
> I'm thinking of both out of date caches and poisoned caches.
> Note that these are valid from a security point of view, but not 'fresh'
This is a part of (Threat 1:) The proxy spoofs a response.
In the mitigation section (2.1.1.1.) we define that a response is
valid from a security point of view only if it is fresh.
(We use the term "authentic" instead of "valid" though, because
"valid" is already used in the context of cache validation.)
I've expanded the text with your suggestion:
* (Threat 1:) The proxy spoofs a response. For example, the
proxy could return a stale or outdated response based on data
it previously obtained from the server or some fourth party, or
could craft an illicit response itself.
> 3. Section 2.1.1.3 - based on a brief look at mattsson-core-coap-actuators,
> it appears to have some solutions to the Withholding attack as well as the
> Delaying attack. This should probably be noted.
I've opened an issue on GitHub for this:
https://github.com/ektrah/coap-object-security/issues/5
> 4. Section 2.1.1.5 - It is not clear to me that there is a requirement that
> all messages be protected from eavesdropping. It might just be the way
> things are stated here, but there is a difference between the fact that the
> solution must provide a method to deal with this and the fact that integrity
> protection might be sufficient in some cases. This would also influence the
> analysis below in some cases.
Currently the text is written with the assumption that it is a
requirement that all messages are protected from eavesdropping.
However, as Carsten mentioned at the F2F meeting, there may indeed be
use cases where it's desirable that the proxy can eavesdrop on the
messages.
We will clarify this in the draft.
https://github.com/ektrah/coap-object-security/issues/6
> 5. Section 2.1.1.5 - You need to have a better statement of what it means
> to provide forward secrecy. This requirement would appear to potentially
> rule out the use of the same session content encryption key for multiple
> messages. I do not believe that is true, but given that we are looking a
> message based security some people might think this is the case. I would
> expand this statement to define the conditions under which PFS must be
> provided.
https://github.com/ektrah/coap-object-security/issues/7
> 6. Section 2.1.2 - Do you consider a proxy re-ordering requests to be a
> threat?
No. If a client wants to ensure that a request is processed after
another request, it needs to wait for the response to the first
request before it makes the second request.
> 7. Section 2.1.2.1 - Next to last para. I am not sure that 'involve' is
> the correct word in this sentence. Perhaps you meant 'include'
Fixed.
> 8. Section 3 - when I look at figure 10, I keep feeling that it is not a
> complete picture of what you need to be looking at
> [...]
>
> There needs to be a discussion of all of the different potential security
> associations in this diagram. Some of these can be reduced to simple
> client-server associations, but some of the implications of this diagram are
> potentially used for the entirety of the picture.
> [...]
https://github.com/ektrah/coap-object-security/issues/8
> 9. Threats in section 3 also include
>
> * out of order delivery of items.
>
> * Issues about a broker either granting or denying access to a stream.
>
> * Subscriber does not receive a response because the broker pre-maturely
> unsubscribes the subscriber
https://github.com/ektrah/coap-object-security/issues/9
- Re: [core] Review of draft-hartke-core-e2e-securi… Jim Schaad
- Re: [core] Review of draft-hartke-core-e2e-securi… Klaus Hartke
- [core] Review of draft-hartke-core-e2e-security-r… Jim Schaad
- Re: [core] Review of draft-hartke-core-e2e-securi… weigengyu
- Re: [core] Review of draft-hartke-core-e2e-securi… Jim Schaad