Re: [core] AD review of draft-ietf-core-echo-request-tag-10

John Mattsson <john.mattsson@ericsson.com> Tue, 01 September 2020 19:13 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Carsten Bormann <cabo@tzi.org>, Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
CC: Barry Leiba <barryleiba@computer.org>, "draft-ietf-core-echo-request-tag.all@ietf.org" <draft-ietf-core-echo-request-tag.all@ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] AD review of draft-ietf-core-echo-request-tag-10
Date: Tue, 01 Sep 2020 19:13:45 +0000
Message-ID: <3216C47B-D9A9-4EAD-B68F-D2FAB7E0376B@ericsson.com>
References: <CALaySJJt_U+qF_xwOtJC2BD=oet-stNxoJkMYJfH=Z8BmcLc3g@mail.gmail.com> <1E09C83D-0AC1-42CA-9E2D-E5903FF775D6@ericsson.com> <9854F0F8-A512-44DB-910C-3864106C9708@tzi.org>
In-Reply-To: <9854F0F8-A512-44DB-910C-3864106C9708@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/pqDweKtoHA95kaKc3BOBpeANjOg>
Subject: Re: [core] AD review of draft-ietf-core-echo-request-tag-10

In this sentence I think on-path attacker works quite well or even better. It already follows from the sentence that the attacker is able to replace one block with another. The attacker in this case only needs to be able to reorder packets flowing in one direction of the communication.

We could also just use the word attacker, e.g.

"it is still possible for an attacker able to reorder packets on the path from client to server to maliciously replace a later operation's blocks with an earlier operation's blocks."

Cheers,
John

-----Original Message-----
From: Carsten Bormann <cabo@tzi.org>
Date: Tuesday, 1 September 2020 at 18:40
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
Cc: Barry Leiba <barryleiba@computer.org>, "draft-ietf-core-echo-request-tag.all@ietf.org" <draft-ietf-core-echo-request-tag.all@ietf.org>, "core@ietf.org" <core@ietf.org>
Subject: Re: [core] AD review of draft-ietf-core-echo-request-tag-10
Resent from: <alias-bounces@ietf.org>
Resent to: <christian@amsuess.com>, John Mattsson <john.mattsson@ericsson.com>, <goran.selander@ericsson.com>, <jaime@iki.fi>, <marco.tiloca@ri.se>, <barryleiba@gmail.com>, <superuser@gmail.com>, <barryleiba@computer.org>, Marco Tiloca <marco.tiloca@ri.se>
Resent date: Tuesday, 1 September 2020 at 18:40

    On 2020-09-01, at 16:19, Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org> wrote:
    > 
    > 
    >    — Section 3.5.1 —
    > 
    >       is still possible for a man-in-the-middle to maliciously replace a
    >       later operation's blocks with an earlier operation's blocks
    > 
    >    Not a requirement here, and I will accept your best judgment:  in the
    >    spirit of recent discussion on inclusive vs exclusionary language, I ask
    >    you to consider changing “a man-in-the-middle” to “an on-path attacker”.
    > 
    > [GS] I thought there was a slight difference between "on-path attacker" and "man-in-the-middle", in that the latter has access to the message flow whereas the former need not have. For example, an on-path attacker may only be able to inject messages. In this case ("replace") the latter would then be more precise. If I'm right then I propose we use available distinctions pending a new dictionary, otherwise I'm fine with changing.

    Oh, so we are getting to have this fun discussion on *this* draft.

    A MITM can read, inject, delete, and modify data.

    An on-path attacker can read and inject, but not necessarily delete or modify data.

    I would not use the latter as a synonym for the former.

    The other proposal in https://github.com/ietf/terminology is even more broken: An impersonation attacker doesn’t even have to be on-path.

    (See also my comment on https://github.com/ietf/terminology/pull/1, which fell by the wayside in the recent lull on this topic.)

    In the mid-2000s, there was an attempt to replace MITM attack by “middleperson attack”.  That utterly failed; a simple Google search says “man-in-the-middle” (54100 hits on dl.acm.org) is overwhelmingly still the term of art and not “middleperson” (31 hits on dl.acm.org).

    Wikipedia at least knows about the other established word for MITM, Janus attack https://en.wikipedia.org/w/index.php?title=Janus_attack&redirect=no — not very successful either (9 hits on dl.acm.org).

    One word that already has the right semantics and does not require the cultural background of “Janus attack” is “Interposer attack”.  0 hits on dl.acm.org, but has all the right properties.  So in the above we would replace MITM by “interposer”:

    >       is still possible for an interposer to maliciously replace a
    >       later operation's blocks with an earlier operation's blocks

    WFM, even if this is blazing a new trail.

    Grüße, Carsten
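The block-replacement scenario behind the disputed sentence, as an added simulation that is not code from the draft, from this thread, or from any CoAP implementation: the attacker function does nothing but permute packets on the client-to-server path, which is exactly the single capability John says suffices, and the server shows why a later operation can end up carrying an earlier operation's block. The `Block` model, the `Server` reassembler, the use of 2.31/2.04/4.08 response codes, and the per-operation tag that stands in for the draft's Request-Tag option are all simplified assumptions about CoAP block-wise transfer (RFC 7959) and the Request-Tag mechanism, neither of which the thread itself spells out.

```python
"""Constructed simulation of the block-mixing failure discussed in the thread.
Not code from draft-ietf-core-echo-request-tag or its authors; the Block1
reassembly and the Request-Tag binding below are deliberately simplified."""

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Block:
    """One Block1 fragment of a request body sent to a single resource.

    `num` and `more` mirror the Block1 NUM and M fields; `tag` stands in for a
    Request-Tag option value (None when the option is absent)."""
    num: int
    more: bool
    payload: bytes
    tag: Optional[bytes] = None


class Server:
    """Minimal server-side reassembler for one resource (assumed model).

    With use_tag=False the buffer is keyed on the resource alone, so any block
    whose NUM is the next expected one is accepted, whatever operation it came
    from.  With use_tag=True a block is only appended to a buffer that was
    started with the same tag; anything else is refused with 4.08."""

    def __init__(self, use_tag: bool) -> None:
        self.use_tag = use_tag
        self.buffer: list[bytes] = []
        self.buffer_tag: Optional[bytes] = None
        self.stored_bodies: list[bytes] = []   # bodies the resource accepted

    def _reset(self) -> None:
        self.buffer, self.buffer_tag = [], None

    def receive(self, block: Block) -> str:
        if block.num == 0:
            # NUM 0 always starts a fresh operation, discarding any partial one.
            self._reset()
            self.buffer_tag = block.tag
        elif self.use_tag and block.tag != self.buffer_tag:
            # Block belongs to a different operation than the one in progress:
            # refuse it and leave the current buffer untouched.
            return "4.08"
        elif block.num != len(self.buffer):
            # Out of sequence: drop the partial body so the client restarts.
            self._reset()
            return "4.08"
        self.buffer.append(block.payload)
        if block.more:
            return "2.31"          # Continue
        self.stored_bodies.append(b"".join(self.buffer))
        self._reset()
        return "2.04"              # Changed


def client_blocks(tag_a: Optional[bytes], tag_b: Optional[bytes]) -> list[Block]:
    """Two PUT operations on the same resource: A (abandoned after A1 went
    unanswered) and then B, three blocks.  Constructed sample traffic."""
    return [
        Block(0, True, b"A0", tag_a),
        Block(1, True, b"A1", tag_a),
        Block(0, True, b"B0", tag_b),
        Block(1, True, b"B1", tag_b),
        Block(2, False, b"B2", tag_b),
    ]


def reorder_only(packets: list[Block]) -> list[Block]:
    """The attacker from the thread: it can hold back and reorder packets on
    the client-to-server path but cannot read, alter, inject or drop them.
    Here it holds A1 until after B0 has passed and pushes B1 to the end."""
    by_name = {p.payload: p for p in packets}
    return [by_name[n] for n in (b"A0", b"B0", b"A1", b"B2", b"B1")]


def run_scenario(use_tag: bool) -> list[bytes]:
    """Return the bodies the resource ends up storing under the reordering."""
    tags = (b"\x01", b"\x02") if use_tag else (None, None)
    server = Server(use_tag)
    for block in reorder_only(client_blocks(*tags)):
        server.receive(block)
    return server.stored_bodies


if __name__ == "__main__":
    print("without Request-Tag:", run_scenario(False))  # [b'B0A1B2']
    print("with Request-Tag:   ", run_scenario(True))   # []
```

Without a tag the server stores `B0A1B2`, a body stitched together from two operations, even though every packet was sent by the legitimate client and nothing was modified; with the tag the stray `A1` is refused, the out-of-sequence `B2` makes the server discard the partial buffer, and no corrupted body is ever stored, leaving the client to retry B cleanly.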