Re: Gen-ART review of draft-dukhovni-opportunistic-security-01
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 11 July 2014 02:39 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0DCD1A01C1 for <ietf@ietfa.amsl.com>; Thu, 10 Jul 2014 19:39:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vfZLDlldtepp for <ietf@ietfa.amsl.com>; Thu, 10 Jul 2014 19:39:56 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C3721A01AD for <ietf@ietf.org>; Thu, 10 Jul 2014 19:39:56 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 2AF722AB2A6; Fri, 11 Jul 2014 02:39:55 +0000 (UTC)
Date: Fri, 11 Jul 2014 02:39:55 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: Gen-ART review of draft-dukhovni-opportunistic-security-01
Message-ID: <20140711023954.GY27568@mournblade.imrryr.org>
References: <CABkgnnV-z1_WKcFF4W3-4MP6o42mi1W5+xa___M2evMwQfmrmw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABkgnnV-z1_WKcFF4W3-4MP6o42mi1W5+xa___M2evMwQfmrmw@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/EVSJDKt8qgrNYQVCLLhbbsfuw2k
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jul 2014 02:39:58 -0000
On Thu, Jul 10, 2014 at 05:16:15PM -0700, Martin Thomson wrote: > Major issues: > > This misses one of the key principles behind opportunistic security: Strongly disagree. Opportunistic security does not always downgrade to unauthenticated or unencrypted communication. For example, with opportunistic use of DANE TLS, authentication is enforced for peers with usable TLSA records, while communication with other peers is unauthenticated or perhaps even unencrypted. So in fact, this draft specifically, and deliberately leaves the door open for MiTM-resistant authentication of peers for which some suitable mechanism (DANE, TOFU, ...) makes authentication possible. > Insistence on failure, as opposed to downgrade or some lesser level > of security - a characteristic of non-opportunistic security - elicits > responses from users to work around the problem (accept the bad > certificate, suppress certificate checking, etc...). For MTA-to-MTA SMTP there is no user to click OK. Not all applications are web browsers. > The willingness > of an opportunistic security implementation to accept unvalidated > credentials means that it still benefits from resilience against > passive attack. This is only really noted through an example of a > "design blunder". Opportunistic security is NOT a synonym for unauthenticated encryption. > The document skirts around it's key goal: defining OS. Section 2 > needs to start with a definition. The paragraph that follows the list > in S2 is a reasonable attempt at that and could be tweaked fairly > perform that function. The definition is a summary of the design principles. We're defining an umbrella term for a family of protocols sharing a design philosophy. It is helpful to set out the design principles first, and then state that OS protocols are those that adhere the design principles, and amplify the key points. > The Security Considerations is a response to an unstated argument, but > I think that the document needs to be clearer about what that argument > is, i.e.: > > The willingness of an OS implementation to downgrade can be > trivially exploited by an active attacker to strip an opportunistic > mechanisms. The Security Considerations section says that some protection is strictly better than no protection. Thus it is often OK to accept some protection, even if some risks are left unmitigated. > Section 3 is unnecessary in its entirety: No terminology section required? It is a subset of the Terminology from Steve Kent's draft. If it is felt that all the requisite terms are adequately defined in-line, I am not opposed to its removal, for this draft less bloat is better. It should be a succint definition. > 1. 2119 language isn't really appropriate for this document. Many > of the statements that rely on this would be much better without that > language. Some of the uses are actually completely inappropriate: > "When possible, opportunistic security SHOULD provide stronger > security on a peer-by-peer basis." I can downcase the "SHOULD", what is the objection to 2119? > 2. I think that the description of "unauthenticated encryption" and > "TOFU" belong in the text proper. TOFU is covered well enough by the > text in S1; unauthenticated encryption needs to be covered in the > description as a first class section, rather than piecemeal (see > above). MitM and PFS are defined in RFC4949. Anyone care to suggest new language? Is there agreement that the proposed changes are needed? -- Viktor.
- Re: Gen-ART review of draft-dukhovni-opportunistiā¦ Viktor Dukhovni