Re: [dane] [saag] Need better opportunistic terminology

Joe Touch <touch@isi.edu> Wed, 12 March 2014 16:50 UTC

Return-Path: <touch@isi.edu>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 921031A0745; Wed, 12 Mar 2014 09:50:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2NxeLdIbM9Oo; Wed, 12 Mar 2014 09:50:40 -0700 (PDT)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) by ietfa.amsl.com (Postfix) with ESMTP id 339ED1A0829; Wed, 12 Mar 2014 09:50:18 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id s2CGnGDf017693 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 12 Mar 2014 09:49:18 -0700 (PDT)
Message-ID: <5320900C.2030007@isi.edu>
Date: Wed, 12 Mar 2014 09:49:16 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>, dane@ietf.org, saag <saag@ietf.org>
References: <CAMm+LwjF9To+w3K4RR=72BbLNE2hJa9CibWOEARYmODiuFNu9g@mail.gmail.com> <082D04F9-DBB4-4492-BE91-C4E3616AC24D@isi.edu> <531F85D5.2070209@bbn.com> <531F8A53.1040103@isi.edu> <53206293.8020907@bbn.com>
In-Reply-To: <53206293.8020907@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/ek3TiH8G3O9956lrQoyztQdB6CY
Subject: Re: [dane] [saag] Need better opportunistic terminology
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Mar 2014 16:50:45 -0000

Steve (et al.),

On 3/12/2014 6:35 AM, Stephen Kent wrote:
> Joe,
>
>> ...
>>> with that definition of the term, which is IPsec-specific.
>>
>> I'm not quite sure what term or what definition you're referring to:
>> OE, anonymous encryption, or unauthenticated key exchange. Can you
>> clarify?
 >
> OE. I argue that OE is defined only for IPsec, because the definition
> focuses on how to
> avoid the need to coordinate SPD entries at each end.

Agreed.

>>> I have
>>> suggested "opportunistic keying" as a preferred term, since its the
>>> key management, not the encryption per se, that distinguishes other
>>> proposed modes of operation for IPsec, TLS, etc.
>>
>> I agree if you're replacing OE with OK ;-)
 >
> yeah, I like OK (and I like IKE too, for those of us old enough to
> appreciate that election slogan)

I'm still a little hesitant, thinking on it further, about the term 
"opportunistic" in this sense at all.

BTNS uses unsigned key exchanged, and there's nothing "opportunistic" 
about it. Unsigned authentication is the goal from the start.

OE as defined in RFC 4322 isn't about using unsigned key exchange; the 
"opportunistic" sense is derived from using keys retrieved from DNS 
without prior agreement. That's not what happens in BTNS.

Paul just noted:
"Opportunistic keying does provide authentication, it's just that
the authentication is only to the public key and is not
tightly bound to any other type of identification (address, name, etc.)"

I.e., fundamentally, opportunistic approaches are completely different 
from those that don't ever bother to authenticate. I don't think it's 
useful (and could be confusing) to confuse the two by overlapping 
terminology.

I don't like the term "optimistic" either; it too implies something that 
you "hope works". There's no "hope" associated with unsigned key 
exchange; you do it (IMO) because you know what it is and you know its 
impact (e.g., raising the bar of an attacker to performing a full key 
exchange, vs. just tossing single packets like RSTs around).

Is there a reason not to just call unauthenticated key exchange what it 
is - unauthenticated key exchange?

If you want something pithy, maybe "Zero-ID security"?

>> The breakout group at the STRINT workshop that discussed terminology
>>> suggested using the term noted above.
>>
>> Sorry, but to clarify, which term?
 >
> OK vs. OE.

Thanks for the clarification.

Joe