Re: [core] Review of draft-hartke-core-e2e-security-reqs-01
Jim Schaad <ietf@augustcellars.com> Wed, 03 August 2016 16:44 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E785712D0CE for <core@ietfa.amsl.com>; Wed, 3 Aug 2016 09:44:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.188
X-Spam-Level:
X-Spam-Status: No, score=-3.188 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nxgb9awy054G for <core@ietfa.amsl.com>; Wed, 3 Aug 2016 09:44:55 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 003A512D56D for <core@ietf.org>; Wed, 3 Aug 2016 09:44:47 -0700 (PDT)
Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 3 Aug 2016 09:56:02 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Klaus Hartke' <hartke@tzi.org>
References: <036801d1ed09$507ef080$f17cd180$@augustcellars.com> <CAAzbHvbUW5ZAh2EQ2e-L-VRyFL-V_D+sA9G1jR6pf5h=kVJWFQ@mail.gmail.com>
In-Reply-To: <CAAzbHvbUW5ZAh2EQ2e-L-VRyFL-V_D+sA9G1jR6pf5h=kVJWFQ@mail.gmail.com>
Date: Wed, 03 Aug 2016 09:44:21 -0700
Message-ID: <047701d1eda6$4af5c5b0$e0e15110$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQFVQec6mZkH2zubcUsWpGYFrv/2RAEXD4dJoSgPgTA=
Content-Language: en-us
X-Originating-IP: [24.21.96.37]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/TQxZW7Qbs79blZ4TadxsTMuytfg>
Cc: draft-hartke-core-e2e-security-reqs@tools.ietf.org, core@ietf.org
Subject: Re: [core] Review of draft-hartke-core-e2e-security-reqs-01
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2016 16:44:59 -0000
> -----Original Message----- > From: Klaus Hartke [mailto:hartke@tzi.org] > Sent: Wednesday, August 03, 2016 8:23 AM > To: Jim Schaad <ietf@augustcellars.com> > Cc: draft-hartke-core-e2e-security-reqs@tools.ietf.org; core@ietf.org WG > <core@ietf.org> > Subject: Re: [core] Review of draft-hartke-core-e2e-security-reqs-01 > > Hi Jim, > > thanks a lot for your review. Comments inline below. > > Klaus > > > Jim Schaad wrote: > > > 2. Section 2.1.1 - Should "client receives a response" include > > > > * (Threat ?) The proxy returns a stale or outdated response based > > on data it previously obtained from the origin server or some fourth party. > > > > I'm thinking of both out of date caches and poisoned caches. > > Note that these are valid from a security point of view, but not 'fresh' > > This is a part of (Threat 1:) The proxy spoofs a response. > > In the mitigation section (2.1.1.1.) we define that a response is valid from a > security point of view only if it is fresh. > > (We use the term "authentic" instead of "valid" though, because "valid" is > already used in the context of cache validation.) > > I've expanded the text with your suggestion: > > * (Threat 1:) The proxy spoofs a response. For example, the > proxy could return a stale or outdated response based on data > it previously obtained from the server or some fourth party, or > could craft an illicit response itself. > My problem with this is that I view a spoof as different. To me a spoof implies the attempt to create a new message that will pass muster as oppose to doing something like a replay. It would probably be better to use a different term. I'll try and remember to ponder on this. Jim
- Re: [core] Review of draft-hartke-core-e2e-securi… Jim Schaad
- Re: [core] Review of draft-hartke-core-e2e-securi… Klaus Hartke
- [core] Review of draft-hartke-core-e2e-security-r… Jim Schaad
- Re: [core] Review of draft-hartke-core-e2e-securi… weigengyu
- Re: [core] Review of draft-hartke-core-e2e-securi… Jim Schaad