IETF Logo Mail Archive

Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)

<mohamed.boucadair@orange.com> Tue, 22 January 2019 07:15 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD97B130DE9; Mon, 21 Jan 2019 23:15:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UFi-gnTtpRG4; Mon, 21 Jan 2019 23:15:41 -0800 (PST)
Received: from orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4765612D4F2; Mon, 21 Jan 2019 23:15:41 -0800 (PST)
Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67]) by opfednr26.francetelecom.fr (ESMTP service) with ESMTP id 43kKSq3Zk7zywM; Tue, 22 Jan 2019 08:15:39 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.33]) by opfednr03.francetelecom.fr (ESMTP service) with ESMTP id 43kKSq2KsGzDq7J; Tue, 22 Jan 2019 08:15:39 +0100 (CET)
Received: from OPEXCAUBM6C.corporate.adroot.infra.ftgroup (10.114.13.35) by OPEXCLILM42.corporate.adroot.infra.ftgroup (10.114.31.33) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 22 Jan 2019 08:15:38 +0100
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM6C.corporate.adroot.infra.ftgroup ([fe80::f58e:8e9d:ae18:b9e3%21]) with mapi id 14.03.0415.000; Tue, 22 Jan 2019 08:15:38 +0100
From: mohamed.boucadair@orange.com
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>, "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
Thread-Index: AQHUsbSfqlO5vmTWCU+CwUtqisCqc6W61cdQ
Date: Tue, 22 Jan 2019 07:15:37 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA0B698@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B93302EA08D24@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190118210258.GO81907@kduck.mit.edu> <BYAPR16MB279063917ED17BF8D0331060EA9D0@BYAPR16MB2790.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302EA0ABE9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190121151025.GD81907@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA0B0DB@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190121181033.GG81907@kduck.mit.edu>
In-Reply-To: <20190121181033.GG81907@kduck.mit.edu>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/RjuM2PV-nNuFFY8jnDsKyLrI84Q>
Subject: Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jan 2019 07:15:44 -0000

Hi Ben, 

Please see inline.

Cheers,
Med

> -----Message d'origine-----
> De : Benjamin Kaduk [mailto:kaduk@mit.edu]
> Envoyé : lundi 21 janvier 2019 19:11
> À : BOUCADAIR Mohamed TGI/OLN
> Cc : Konda, Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf.org;
> dots@ietf.org
> Objet : Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
> 
> On Mon, Jan 21, 2019 at 03:37:38PM +0000, mohamed.boucadair@orange.com wrote:
> > Re-,
> >
> > Please see inline.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : Benjamin Kaduk [mailto:kaduk@mit.edu]
> > > Envoyé : lundi 21 janvier 2019 16:10
> > > À : BOUCADAIR Mohamed TGI/OLN
> > > Cc : Konda, Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf.org;
> > > dots@ietf.org
> > > Objet : Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th
> Part)
> > >
> > > On Mon, Jan 21, 2019 at 07:31:28AM +0000, mohamed.boucadair@orange.com
> wrote:
> > > > Hi Ben, all,
> > > >
> > > > Please see inline.
> > > >
> > > > Cheers,
> > > > Med
> > > >
> > > > > -----Message d'origine-----
> > > > > De : Konda, Tirumaleswar Reddy
> > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > > Envoyé : samedi 19 janvier 2019 07:32
> > > > > À : Benjamin Kaduk; BOUCADAIR Mohamed TGI/OLN
> > > > > Cc : draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org
> > > > > Objet : RE: [Dots] AD review of draft-ietf-dots-signal-channel-25
> (5th
> > > Part)
> > > > >
> > > > > Hi Ben,
> > > > >
> > > > > Please see inline
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dots <dots-bounces@ietf.org> On Behalf Of Benjamin Kaduk
> > > > > > Sent: Saturday, January 19, 2019 2:33 AM
> > > > > > To: mohamed.boucadair@orange.com
> > > > > > Cc: draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org
> > > > > > Subject: Re: [Dots] AD review of draft-ietf-dots-signal-channel-25
> (5th
> > > > > Part)
> > > > > >
> > > > > > This email originated from outside of the organization. Do not
> click
> > > links
> > > > > or
> > > > > > open attachments unless you recognize the sender and know the
> content
> > > is
> > > > > safe.
> > > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > Thanks for all the edits and the published -27.
> > > > > > Assuming I'm actually caught up on all the review/response threads,
> I
> > > think
> > > > > > we're pretty close to being able to go to IETF LC -- here's what I
> see
> > > as
> > > > > still left:
> > > > > >
> > > > > > - We need to settle the risk of needing normative downrefs called
> out
> > > for
> > > > > >   the last call
> > > >
> > > > [Med] I updated the text to:
> > > > * cite 7618/7624 as normative (+ indicate that a similar mechanism to
> false
> > > start may also be defined for DTLS).
> > > > * tweak the TFO text to maintain it as informative.
> > >
> > > Sounds good.
> > >
> > > > > > - I just noticed while reviewing the diff that we also need to say
> a
> > > > > >   little more about (D)TLS 1.3 0-RTT data (more below)
> > > > > > - It looks like we lost the guidance to the Experts and text about
> the
> > > > > >   review mailing list from the IANA Considerations, during the
> > > reshuffling
> > > > > >   around having IANA manage more things
> > > > > >
> > > >
> > > > [Med] That was on purpose. We would like to rely on RFC8126 rules for
> > > deigned expert reviews.
> > >
> > > I'm not sure I understand this -- 8126 explicitly says that documents
> > > should provide guidance to the designated expert on what to look for and
> > > what is grounds for rejecting a request.
> > >
> >
> > [Med] What I meant is that the text we used to have in -25 is generic, and
> IMHO does not bring new guidelines to what is discussed in Section 5 of 8126.
> 
> I think there can still be value in repeating the "general applicability,
> clarity of description, etc. language.  (But it would be even better to
> come up with some guidance that is tightly tailored to DOTS, if we can.)

[Med] I tried, actually. It is indeed when I rechecked 8126 that I found that text is generic. Seeking for expert reviews will be done via IANA, which is familiar with the process of soliciting experts. 

Moreover, I found a bug in the text because it does not apply to the range requiring IETF review, but only to a the comprehensive-optional range. 

> And the text about the mailing list and how to format registration requests
> is definitely not covered in 8126!

[Med] that mailing list is likely to include the designed experts. This is why I thought it is simple to let IANA decide how to reach out designed expert(s) once assigned. 

Anyway, I can reinsert the text if you still think it brings value. 

> 
> > > > > > Regarding the (D)TLS 1.3 0-RTT data, RFC 8446 notes that
> "Application
> > > > > > protocols MUST NOT use 0-RTT data without a profile that defines
> its
> > > use.
> > > > > > That profile needs to identify which messages or interactions are
> safe
> > > to
> > > > > use
> > > > > > with 0-RTT and how to handle the situation when the server rejects
> 0-
> > > RTT
> > > > > and
> > > > > > falls back to 1-RTT."  So we either need to say which client
> requests
> > > are
> > > > > 0-RTT
> > > > > > safe (and why) or defer that profile to another document.  draft-
> ietf-
> > > > > dnsop-
> > > > > > session-signal is perhaps an example of a document that specifies
> which
> > > > > > messages are/aren't allowed in early data.
> > > > > > (draft-ietf-acme-acme is another, but an uninteresting one, since
> they
> > > make
> > > > > > every request include a single-use nonce, and all messages are 0-
> RTT
> > > safe.)
> > > > > > Our use of increasing 'mid' values may help here, in terms of
> allowing
> > > > > DELETEs
> > > > > > to be safe, but I'd have to think a little more to be sure that
> > > requesting
> > > > > > mitigation would be safe.  (On first glance the session-managemnet
> bits
> > > > > would
> > > > > > not be safe, but I may be missing something.)
> > > > >
> > > > > The draft only uses idempotent requests (GET, PUT and DELETE), and
> CoAP
> > > is
> > > > > capable of detecting message duplication (see
> > > > > https://tools.ietf.org/html/rfc7252#section-4.5) for both confirmable
> and
> > > > > non-confirmable messages.
> > > > >  [1] An attacker replaying DELETE will not have any adverse impact,
> 2.02
> > > > > (Deleted) Response Code is returned even if the mitigation request
> does
> > > not
> > > > > exist.
> > > > > [2] The techniques discussed in Section 8 of RFC8446 should suffice
> to
> > > handle
> > > > > anti-replay (e.g. an attacker replaying a 0-RTT data carrying an old
> > > > > mitigation request replaced by a new mitigation scope).
> > > > >
> > > >
> > > > [Med] FWIW, we do already have this text in the draft:
> > > >
> > > >       Section 8 of [RFC8446] discusses some mechanisms to implement to
> > > >       limit the impact of replay attacks on 0-RTT data.  If the DOTS
> > > >       server accepts 0-RTT, it MUST implement one of these mechanisms.
> > > >       A DOTS server can reject 0-RTT by sending a TLS
> HelloRetryRequest.
> > >
> > > (As I noted in my reply to Tiru, we need a more explicit statement.)
> > >
> >
> > [Med] OK. If the assessment is confirmed, we can update the text as
> follows:
> >
> >       Section 8 of [RFC8446] discusses some mechanisms to implement to
> >       limit the impact of replay attacks on 0-RTT data.  If the DOTS
> >       server accepts 0-RTT, it MUST implement one of these mechanisms.
> >       A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest.
> >       The DOTS signal channel messages sent as early data by the DOTS
> >       client are idempotent requests.  Owing to the protections afforded
> >       by CoAP deduplication (Section 4.5 of [RFC7252]) and RFC 8446
> >       anti-replay mechanisms, all DOTS signal channel messages are safe
> >       to transmit in TLS 1.3 0-RTT data.
> 
> That text would meet the "application profile" requirements.  Hopefully
> it's a true statement so we can actually use it :)
> 

[Med] That is at least the authors' conclusion :) 
We will wait for your ACK before implementing changes and posting the updated version of the draft.

v2.29.0 | Report a Bug | By Email | System Status