Re: On-path attackers (Was: Re: Diversity and offensive terminology in RFCs)
Donald Eastlake <d3e3e3@gmail.com> Fri, 21 September 2018 13:48 UTC
To: IETF Discussion <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/4iF3_8MADiLsiFinON3CrA0V_MA>

On Fri, Sep 21, 2018 at 9:17 AM Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>
> On Fri, Sep 21, 2018 at 2:12 AM Jari Arkko <jari.arkko@piuha.net> wrote:
>>
>> Evan, Carsten, John, Yoav,
>>
>> > On Thu, Sep 20, 2018 at 09:10:51PM +0200, Carsten Bormann wrote:
>> >> The up-to-date term of art is “middleperson attack”
>> >
>> > Perhaps "on-path attack".
>>
>> I agree.
>>
>> I have actually preferred the use of the "on-path attacker” for a long time, for reasons not associated with this thread. While I have certainly used the term man-in-the-middle (and it is a widely understood term), for some reason I have found it imprecise. With “on-path” I can be accurate about the location of the attacker. It is also IMHO more nicely enhanced with additional qualifiers and variations:
>>
>> on-path attacker
>> on-path active attacker
>> on-path passive attacker (or eavesdropper)
>> off-path attacker

I don't quite agree. The essence of X-in-the-middle, say between B and C, is that B and C end up only conversing with X. That is to say, there are no messages directly between B and C because the attacker is blocking them or because the attack causes B and C to be confused and only exchange messages with X even though B and C could directly exchange messages if they tried.

"on-path" only implies ability to observe messages. "active" only implies that the attacker initiates messages or interferes with existing messages.

Thus all X-in-the-middle attackers are "on-path active attackers" but not all "on-path active attackers" are X-in-the-middle attackers. For example, I do not consider an on-line active attacker that observes traffic and just inserts new messages to mess things up, for example a replay attacker, to be an X-in-the-middle attacker.

Thanks,
Donald

> This sounds like a good suggestion to me, a direct and to the point description.
>
> Thanks,
> Kathleen
>>
>>
>> The principle that should apply is the description of something in clearly understandable language, using the characteristics of that something. And adding gender to those characteristics is just technically wrong, as John points out below.
>>
>> (There may be some other common attacks that deserve a good term. Or maybe I just don’t know what the term is. E.g., what is the name of an attack where there’s a central server between users, and it is the server that misbehaves?)
>>
>> > As an
>> > example, I've always found "man-in-the-middle" terminology
>> > problematic, but at least as much because it implies human
>> > intervention rather than something more automated as because of
>> > gender.
>>
>> +1
>>
>> > I don’t think we are promoting inclusiveness by resorting to obscure mythology
>>
>> +1
>>
>> Jari
>>
>
>
> --
>
> Best regards,
> Kathleen