IETF Logo Mail Archive

Re: Protocol Design Pattern (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>)

Paul Wouters <paul@nohats.ca> Sun, 17 August 2014 14:58 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C2741A09D3; Sun, 17 Aug 2014 07:58:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.668
X-Spam-Level:
X-Spam-Status: No, score=-2.668 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oPxkX7Bu_jNl; Sun, 17 Aug 2014 07:58:51 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B6051A09A7; Sun, 17 Aug 2014 07:58:51 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 6096880048; Sun, 17 Aug 2014 10:58:50 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1408287530; bh=7Zl67rPIwi6Je2EXjI2/n/2BWhZgKl7PpQY76A6pB1U=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=EevlUGQ64TgvRYax5JVoS1AW5uvMcM71UbSQn2QipGz3vaxJomdvV+Ci37LBGEKY2 ffXocfIcxNZPY6GCAQCfDxNP4UJgwGcOBAX2dHb89eidwxh0bM+uQ5OfuLnYtjBfNU JLNVX+2v6Sb9i5gNMcYtAI8/Lo530cq3u52OiD74=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id s7HEwmBJ005666; Sun, 17 Aug 2014 10:58:48 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Sun, 17 Aug 2014 10:58:48 -0400
From: Paul Wouters <paul@nohats.ca>
To: Nico Williams <nico@cryptonector.com>
Subject: Re: Protocol Design Pattern (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>)
In-Reply-To: <20140816200706.GA8110@localhost>
Message-ID: <alpine.LFD.2.10.1408171047510.5233@bofh.nohats.ca>
References: <20140708150940.1412.7682.idtracker@ietfa.amsl.com> <53E4DF84.5030509@cs.tcd.ie> <53EDF437.6070108@cs.tcd.ie> <53EE7D42.2030900@bbn.com> <53EEA46F.80006@bbiw.net> <20140816200706.GA8110@localhost>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/99Z4M7uSP096A2AD-oWMYhLwcrY
Cc: ietf@ietf.org, Dave Crocker <dcrocker@bbiw.net>, saag <saag@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Aug 2014 14:58:52 -0000

On Sat, 16 Aug 2014, Nico Williams wrote:

>> However a quick search on the term produced some troubling existing
>> usages that conflict with the usage in the draft:
>
> Bikeshedding is what this is.

Except in this day, the bikeshed needn't have a name. Our products are
RFC numbers. As I said before, why define a term that we can't agree on?

Just call this document something like "Defending against pervasive
monitors". Get rid of "OS" and "opportunistic security" and "design
patterns". That's the actual bikeshed paint we don't need.

> Another question, even more important, is whether OS (the proposed
> protocol design pattern, not the term) is on the right path or whether
> it is dangerous, or how to improve it.  I've yet to see anargument that
> Viktor's OS proposal is weak tea, dangerous, or could be improved, only
> lots and lots of verbiage about verbiage.

I've actually contributed quite some text for clarifications (see git
history) and I know others have too, despite the paint discussion).
I've also suggested this document brings in mroe technical content helping
protocol designs but to some that seemed out of scope and a matter for
another document. To me, once you remove the sillyness of the terminology,
this document is precisely about giving protocol engineers generic help.

Things I came up with that I think belong in this document

- encrypt as much as possibly as soon as possible. eg no SNI style leaks
- Mandate PFS/session keys protection (Viktor included that in -03)
- Don't ask more identifying data then you need for protocol functioning
   (generic privacy/anonimity practises)
- Follow RFCs as strict as possible to defeat fingerprinting attacks
- If a connection is one-sided authenticated (eg like TLS) ensure your
   protocol is okay with a role-reversal (eg if it needs to authenticate
   the end that was anonymous)
- Ensure crypto agility doesn't come at the cost of more RTTs when the
   world moves to something stronger (eg the IKE modp problem)

Paul

v2.37.1 | Report a Bug | By Email | System Status