IETF Logo Mail Archive

Re: [saag] Fwd: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

Rene Struik <rstruik.ext@gmail.com> Fri, 11 July 2014 14:09 UTC

Return-Path: <rstruik.ext@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADC411B2B06; Fri, 11 Jul 2014 07:09:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzqwurVxnefY; Fri, 11 Jul 2014 07:09:31 -0700 (PDT)
Received: from mail-ig0-x234.google.com (mail-ig0-x234.google.com [IPv6:2607:f8b0:4001:c05::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0DC91B2B1D; Fri, 11 Jul 2014 07:09:06 -0700 (PDT)
Received: by mail-ig0-f180.google.com with SMTP id l13so1016824iga.13 for <multiple recipients>; Fri, 11 Jul 2014 07:09:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=0fujVlMbsXz5EalpHWWMHSDAXF/KCjd2Spx5FQNSXjo=; b=y0IrWa81Xfs2NZaI2HHHArTxaKjUJQhxyOPjWp4lFn9dvLYtIgiUyeuTpOp7psP16O 07Fh6UAL7m5g5QdP5XPNnfq8oik5+s75mp/GB8vssXtxWy3IY94P12SUZz8TtKD6ocWx Q132pI7qOICqwP7fBv+NZJNqlkOJYel0wMAxFjzWEGRoDjuFxXOkL/yndazaCuFJY4E2 sqofmS0vuM2YiyZae/r4o2yYhXFHQhk0F2Q9lfoZrOPQ1h5KMZJw5cwaJw0lbyEEK9Bj iZJ90KG5YqEou68yC8FhxkOKt7OI3w9hAshWF3wLOUlUBr6ckjHpUjPE7SBqRI4HV72L l9vQ==
X-Received: by 10.42.202.14 with SMTP id fc14mr5042096icb.8.1405087746117; Fri, 11 Jul 2014 07:09:06 -0700 (PDT)
Received: from [192.168.1.103] (CPE0013100e2c51-CM001cea35caa6.cpe.net.cable.rogers.com. [99.231.3.110]) by mx.google.com with ESMTPSA id db12sm6268697igc.14.2014.07.11.07.09.05 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 11 Jul 2014 07:09:05 -0700 (PDT)
Message-ID: <53BFEFFB.80809@gmail.com>
Date: Fri, 11 Jul 2014 10:08:59 -0400
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "saag@ietf.org" <saag@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [saag] Fwd: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC
References: <20140708150940.1412.7682.idtracker@ietfa.amsl.com> <53BC0F94.8020608@cs.tcd.ie>
In-Reply-To: <53BC0F94.8020608@cs.tcd.ie>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/5VBuPY1iQpJqFbBn18-ZPsi4dyo
X-Mailman-Approved-At: Fri, 11 Jul 2014 08:34:24 -0700
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jul 2014 14:09:33 -0000

Dear colleagues:

One of my concerns with Optimistic Encryption is that it may have as 
side effect that it may be tempting for implementers to move from secure 
and authentic channel set-up to just encrypted (but unauthenticated) 
channels, since it - how convenient - removes the need for any admin... 
I can already see arguments about why one should spend money on 
authentication support if the attack window is so small, etc., akin to 
discussions I have seen rampant in industrial control settings, where 
some people have argued that communicating symmetric keys wirelessly 
over the air for bootstrapping is okay, "since nobody would listen in 
anyway". I think this is a major risk.

If this "substitution risk" would materialize, we might actually lower 
the bar  and set back the clock nearly 40 years, since realizing 
encrypted, unauthenticated  channels already proposed in the 1976 paper 
on "New Directions in Cryptography".

Shouldn't one at least add some more extensive verbiage about security 
policy enforcement? After all, reason to do authentication would be to 
have some evidence on the party one is communicating with and can then 
arrive at more fine-grained conclusions as to authorization and scope 
hereof, based on that evidence.

The the day-to-day risk for security architectures may be increase of 
admin cost if there would ever be a lifecycle event after initial 
provisioning and where lack of authentication may really hurt.

Rene

On 7/8/2014 11:34 AM, Stephen Farrell wrote:
> IETF LC started as promised.
>
> Cheers,
> S.
>
>
> -------- Original Message --------
> Subject: Last Call: <draft-dukhovni-opportunistic-security-01.txt>
> (Opportunistic Security: some protection most of the time) to
> Informational RFC
> Date: Tue, 08 Jul 2014 08:09:40 -0700
> From: The IESG <iesg-secretary@ietf.org>
> Reply-To: ietf@ietf.org
> To: IETF-Announce <ietf-announce@ietf.org>
>
>
> The IESG has received a request from an individual submitter to consider
> the following document:
> - 'Opportunistic Security: some protection most of the time'
>    <draft-dukhovni-opportunistic-security-01.txt> as Informational RFC
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2014-08-05. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
>
>     This memo defines the term "opportunistic security".  In contrast to
>     the established approach of delivering strong protection some of the
>     time, opportunistic security strives to deliver at least some
>     protection most of the time.  The primary goal is therefore broad
>     interoperability, with security policy tailored to the capabilities
>     of peer systems.
>
>
>
>
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-dukhovni-opportunistic-security/
>
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-dukhovni-opportunistic-security/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
> This document and a predecessor have been the subject of discussion
> on the saag mailing list. [1]
>
>      [1] https://www.ietf.org/mail-archive/web/saag/current/maillist.html
>
>
>
>
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363

v2.23.0 | Report a Bug | By Email