IETF Logo Mail Archive

Re: [core] Review of draft-hartke-core-e2e-security-reqs-01

Jim Schaad <ietf@augustcellars.com> Wed, 03 August 2016 16:44 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E785712D0CE for <core@ietfa.amsl.com>; Wed, 3 Aug 2016 09:44:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.188
X-Spam-Level:
X-Spam-Status: No, score=-3.188 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nxgb9awy054G for <core@ietfa.amsl.com>; Wed, 3 Aug 2016 09:44:55 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 003A512D56D for <core@ietf.org>; Wed, 3 Aug 2016 09:44:47 -0700 (PDT)
Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 3 Aug 2016 09:56:02 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Klaus Hartke' <hartke@tzi.org>
References: <036801d1ed09$507ef080$f17cd180$@augustcellars.com> <CAAzbHvbUW5ZAh2EQ2e-L-VRyFL-V_D+sA9G1jR6pf5h=kVJWFQ@mail.gmail.com>
In-Reply-To: <CAAzbHvbUW5ZAh2EQ2e-L-VRyFL-V_D+sA9G1jR6pf5h=kVJWFQ@mail.gmail.com>
Date: Wed, 03 Aug 2016 09:44:21 -0700
Message-ID: <047701d1eda6$4af5c5b0$e0e15110$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQFVQec6mZkH2zubcUsWpGYFrv/2RAEXD4dJoSgPgTA=
Content-Language: en-us
X-Originating-IP: [24.21.96.37]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/TQxZW7Qbs79blZ4TadxsTMuytfg>
Cc: draft-hartke-core-e2e-security-reqs@tools.ietf.org, core@ietf.org
Subject: Re: [core] Review of draft-hartke-core-e2e-security-reqs-01
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2016 16:44:59 -0000


> -----Original Message-----
> From: Klaus Hartke [mailto:hartke@tzi.org]
> Sent: Wednesday, August 03, 2016 8:23 AM
> To: Jim Schaad <ietf@augustcellars.com>
> Cc: draft-hartke-core-e2e-security-reqs@tools.ietf.org; core@ietf.org WG
> <core@ietf.org>
> Subject: Re: [core] Review of draft-hartke-core-e2e-security-reqs-01
> 
> Hi Jim,
> 
> thanks a lot for your review. Comments inline below.
> 
> Klaus
> 
> 
> Jim Schaad wrote:
> 
> > 2. Section 2.1.1 - Should "client receives a response" include
> >
> >     * (Threat ?) The proxy returns a stale or outdated response based
> > on data it previously obtained from the origin server or some fourth party.
> >
> >                I'm thinking of both out of date caches and poisoned caches.
> > Note that these are valid from a security point of view, but not 'fresh'
> 
> This is a part of (Threat 1:) The proxy spoofs a response.
> 
> In the mitigation section (2.1.1.1.) we define that a response is valid from a
> security point of view only if it is fresh.
> 
> (We use the term "authentic" instead of "valid" though, because "valid" is
> already used in the context of cache validation.)
> 
> I've expanded the text with your suggestion:
> 
>       *  (Threat 1:) The proxy spoofs a response.  For example, the
>          proxy could return a stale or outdated response based on data
>          it previously obtained from the server or some fourth party, or
>          could craft an illicit response itself.
> 

My problem with this is that I view a spoof as different.  To me a spoof implies the attempt to create a new message that will pass muster as oppose to doing something like a replay.  It would probably be better to use a different term.  I'll try and remember to ponder on this.

Jim

v2.23.0 | Report a Bug | By Email