Re: [Atoca] Requirement for Originator Authentication?

"Thomson, Martin" <Martin.Thomson@andrew.com> Sun, 16 January 2011 23:29 UTC

From: "Thomson, Martin" <Martin.Thomson@andrew.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "earlywarning@ietf.org" <earlywarning@ietf.org>, Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Date: Mon, 17 Jan 2011 07:32:09 +0800

On 2011-01-16 at 06:30:33, Hannes Tschofenig wrote:
> Igor raised an interesting question during the meeting in context of
> the security threats, namely:
> 
> " Do we have the requirement to authenticate the originator? "

The question that I heard was not so much related to authentication as it was to authorization.  There was also a question about whether authentication was identity-based or on some other property, like some asserted trait.

What statements can we make about how recipients (and relays) authorize the receipt (and sending) of alert messages?
 
> I couldn't provide him an answer during the meeting because I was not
> quite sure whether he was asking the question in the style of
> 
> "Do we need end-to-end security or is a hop-by-hop security solution
> good enough?"

In the context of this interpretation, I think that there's a real need to delegate alert distribution.  The scale of distribution makes intermediaries a valuable addition.  Relying on the integrity of relays makes the authorization question more difficult to resolve.

For something concrete, the relay case is probably the simplest.  I might trust my signalling peer to a certain extent.  I certainly don't trust them enough to generate the massive packet storm requested by an alert message.  They might say the alert comes from the government, but I might require better proof than their say-so alone.  Distributing an alert will cost me money and I want proof.

That's one argument.  The other argument says that peering relationships require a degree of trust that would not be broken without serious ramifications - enough to discourage its abuse.

The recipient case might have some interesting quirks.  Particularly in wholesale/reseller arrangements.  A recipient that relies on hop-by-hop might receive an alert from the network operator: an entity with whom they have no direct relationship.  For instance, no fewer than two different operators are involved in getting packets to my house, neither of which I have a business relationship with.  How would someone - ignorant of the convoluted business arrangements that underpin their Internet service - decide to authorize an alert that is relayed by either party?

--Martin
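
Added example, not part of the original message: a relay's forwarding decision under the hop-by-hop and end-to-end models discussed above, with originator authentication (signature check) kept separate from authorization (which areas that originator may alert). The originator names, area codes and alert fields are constructed, and a Lamport one-time signature stands in for a real signature scheme so the block needs only the standard library.

```python
import hashlib, hmac, os

def H(b): return hashlib.sha256(b).digest()
def bits(msg):  # 256 bits of SHA-256(msg), most significant bit first
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: a stdlib-only stand-in for a real signature scheme.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):  # each key pair may sign one message only
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b])
        for (i, b), s in zip(enumerate(bits(msg)), sig))

def payload(alert):  # the bytes the originator signs (constructed format)
    return "|".join((alert["originator"], alert["area"], alert["text"])).encode()

def relay_decision(alert, peer_is_trusted, anchors, policy):
    if not peer_is_trusted:
        return "drop: unknown peer"
    if policy == "hop-by-hop":                 # the peer's say-so is the only proof
        return "forward"
    anchor = anchors.get(alert["originator"])  # end-to-end checks from here on
    if anchor is None:
        return "drop: unknown originator"
    pk, areas = anchor
    if not verify(pk, payload(alert), alert.get("sig", [])):
        return "drop: bad signature"           # authentication failed
    if alert["area"] not in areas:
        return "drop: not authorized for area" # authenticated, not authorized
    return "forward"

def demo():
    (sk, pk), (sk2, pk2) = keygen(), keygen()
    anchors = {"gov-agency": (pk, {"AU-NSW"}), "city-council": (pk2, {"AU-NSW-SYD"})}
    real = {"originator": "gov-agency", "area": "AU-NSW", "text": "Flood warning"}
    real["sig"] = sign(sk, payload(real))
    forged = dict(real, text="Evacuate now")   # peer alters the text, reuses the sig
    wide = {"originator": "city-council", "area": "AU-NSW", "text": "Road closed"}
    wide["sig"] = sign(sk2, payload(wide))     # authentic, but outside its area
    return {(p, n): relay_decision(a, True, anchors, p)
            for p in ("hop-by-hop", "end-to-end")
            for n, a in (("real", real), ("forged", forged), ("wide", wide))}
```

Under the hop-by-hop policy all three alerts are fanned out; under end-to-end only the genuine, in-area alert is.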