Re: On-path attackers (Was: Re: Diversity and offensive terminology in RFCs)

Toerless Eckert <tte@cs.fau.de> Fri, 21 September 2018 14:42 UTC

Date: Fri, 21 Sep 2018 16:42:13 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Donald Eastlake <d3e3e3@gmail.com>
Cc: IETF Discussion <ietf@ietf.org>
Subject: Re: On-path attackers (Was: Re: Diversity and offensive terminology in RFCs)
Message-ID: <20180921144212.uvg6cphwg7idlhvw@faui48e.informatik.uni-erlangen.de>
References: <cafa1282-ae6a-93de-ea4a-d100af28d8b8@digitaldissidents.org> <CAKHUCzxL8xgn2D2W9G=Qk=AXzyw4mmcqPii6GKBSiByRyxbq+Q@mail.gmail.com> <c755471a7f744fdd958759c6c5001147@exchange02.office.nic.se> <20180920170939.GA68853@isc.org> <968547d5-7e96-5c31-69a3-20456baccf1a@comcast.net> <8EF9ACE5-7D4C-4511-B9B0-FDAE121FF2B6@tzi.org> <20180920194622.GB69847@isc.org> <7DF0DC82-B40A-441F-BFB0-78490121E530@piuha.net> <CAHbuEH5pPGaEjx=r68DDBndsqMV_4jDmL95=8Lkdkabmz5Xa4w@mail.gmail.com> <CAF4+nEEWDM0jem7knoYDs9A5fM5M=_vbtSNOkLhi57_x2mq4+A@mail.gmail.com>
In-Reply-To: <CAF4+nEEWDM0jem7knoYDs9A5fM5M=_vbtSNOkLhi57_x2mq4+A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/_29fyQrb5GlIjk3bBVtSAxxOuzE>

Less is more. We already refer to such entities as "middlebox".

"middlebox attack", "middlebox intervention".

Box is the new Man?

Toerless

On Fri, Sep 21, 2018 at 09:48:39AM -0400, Donald Eastlake wrote:
> On Fri, Sep 21, 2018 at 9:17 AM Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
> >
> > On Fri, Sep 21, 2018 at 2:12 AM Jari Arkko <jari.arkko@piuha.net> wrote:
> >>
> >> Evan, Carsten, John, Yoav,
> >>
> >> > On Thu, Sep 20, 2018 at 09:10:51PM +0200, Carsten Bormann wrote:
> >> >> The up-to-date term of art is "middleperson attack"
> >> >
> >> > Perhaps "on-path attack".
> >>
> >> I agree.
> >>
> >> I have actually preferred the use of the "on-path attacker" for a long time, for reasons not associated with this thread. While I have certainly used the term man-in-the-middle (and it is a widely understood term), for some reason I have found it imprecise. With "on-path" I can be accurate about the location of the attacker. It is also IMHO more nicely enhanced with additional qualifiers and variations:
> >>
> >> on-path attacker
> >> on-path active attacker
> >> on-path passive attacker (or eavesdropper)
> >> off-path attacker
> 
> I don't quite agree. The essence of X-in-the-middle, say between B and
> C, is that B and C end up only conversing with X. That is to say,
> there are no messages directly between B and C because the attacker is
> blocking them or because the attack causes B and C to be confused and
> only exchange messages with X even though B and C could directly
> exchange messages if they tried. "on-path" only implies ability to
> observe messages. "active" only implies that the attacker initiates
> messages or interferes with existing messages.
> 
> Thus all X-in-the-middle attackers are "on-path active attackers" but
> not all "on-path active attackers" are X-in-the-middle attackers. For
> example I do not consider an on-line active attacker that observes
> traffic and just inserts new messages to mess things up, for example a
> replay attacker, to be an X-in-the-middle attacker.
> 
> Thanks,
> Donald
> 
> > This sounds like a good suggestion to me, a direct and to the point description.
> >
> > Thanks,
> > Kathleen
> >>
> >>
> >> The principle that should apply is the description of something in clearly understandable language, using the characteristics of that something. And adding gender to those characteristics is just technically wrong, as John points out below.
> >>
> >> (There may be some other common attacks that deserve a good term. Or maybe I just don't know what the term is. E.g., what is the name of an attack where there's a central server between users, and it is the server that misbehaves?)
> >>
> >> > As an
> >> > example, I've always found "man-in-the-middle" terminology
> >> > problematic, but at least as much because it implies human
> >> > intervention rather than something more automated as because of
> >> > gender.
> >>
> >> +1
> >>
> >> > I don't think we are promoting inclusiveness by resorting to obscure mythology
> >>
> >> +1
> >>
> >> Jari
> >>
> >
> >
> > --
> >
> > Best regards,
> > Kathleen

-- 
---
tte@cs.fau.de
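The distinction Donald draws in the quoted reply (every X-in-the-middle is an on-path active attacker, but an on-path active attacker that merely replays is not in the middle) together with Jari's list of positions, as an added example that is not part of the thread: a small Python simulation of four attacker positions against a toy unauthenticated Diffie-Hellman exchange followed by one MACed message. The protocol, the group (2^521-1 with generator 3), the message text and all class and function names are assumptions made for this demo; the thread itself names no protocol. What it shows is the test Donald proposes: count how many messages C receives that were actually authored by B. The replayer leaves that count untouched and merely makes C accept the same message twice; the in-the-middle attacker drives it to zero and ends up holding a different key with each side.

```python
"""Attacker positions from the thread, simulated (added example, constructed data)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

P = 2**521 - 1  # Mersenne prime M521: a toy DH group for the demo, not a standards group
G = 3


def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()


def mac(key: bytes, text: str) -> bytes:
    return hmac.new(key, text.encode(), "sha256").digest()


class Endpoint:
    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1
        self.key = b""

    def public(self):
        return pow(G, self.priv, P)

    def derive(self, peer_public):
        self.key = kdf(pow(peer_public, self.priv, P))


@dataclass
class Delivered:
    author: str   # who actually produced the delivered bytes: B, C, or the attacker X
    dst: str
    payload: object


class OffPath:
    """Not on the path: gets no copy of the traffic, can only blindly inject toward C."""
    name = "off-path"
    def __init__(self):
        self.injected = False
    def forward(self, src, dst, payload):
        out = [Delivered(src, dst, payload)]       # traffic passes untouched and unseen
        if not self.injected:                      # one blind forgery with a guessed MAC tag
            self.injected = True
            out.append(Delivered("X", "C", ("transfer 10 from B to X", secrets.token_bytes(32))))
        return out


class OnPathPassive:
    """Sees everything, changes nothing (Jari's eavesdropper)."""
    name = "on-path passive"
    def __init__(self):
        self.seen = []
    def forward(self, src, dst, payload):
        self.seen.append(payload)
        return [Delivered(src, dst, payload)]


class OnPathReplay(OnPathPassive):
    """On-path active but not in the middle: B's real message still reaches C, then a copy."""
    name = "on-path active (replay)"
    def forward(self, src, dst, payload):
        out = super().forward(src, dst, payload)
        if isinstance(payload, tuple):             # data message: deliver it, then replay it
            out.append(Delivered("X", dst, payload))
        return out


class InTheMiddle:
    """Terminates both sides: B only ever talks to X, and C only ever talks to X."""
    name = "X-in-the-middle"
    def __init__(self):
        self.side = {"B": Endpoint("X"), "C": Endpoint("X")}  # one DH identity facing each victim
    def forward(self, src, dst, payload):
        if isinstance(payload, int):               # DH public value from src
            self.side[src].derive(payload)         # X now shares a key with src ...
            return [Delivered("X", dst, self.side[dst].public())]  # ... and offers dst its own
        text, tag = payload                        # data: readable under X's key with src
        assert hmac.compare_digest(tag, mac(self.side[src].key, text))
        text = text.replace("to C", "to X")        # alter at will, re-MAC under X's key with dst
        return [Delivered("X", dst, (text, mac(self.side[dst].key, text)))]


def run(attacker) -> dict:
    b, c = Endpoint("B"), Endpoint("C")
    inbox = {"B": [], "C": []}

    def send(src, dst, payload):
        for d in attacker.forward(src, dst, payload):
            inbox[d.dst].append(d)

    send("B", "C", b.public())
    send("C", "B", c.public())
    for ep in (b, c):
        ep.derive(next(d.payload for d in inbox[ep.name] if isinstance(d.payload, int)))
    text = "transfer 10 from B to C"
    send("B", "C", (text, mac(b.key, text)))

    accepted = [d.payload[0] for d in inbox["C"] if isinstance(d.payload, tuple)
                and hmac.compare_digest(d.payload[1], mac(c.key, d.payload[0]))]
    return {
        "attacker": attacker.name,
        "keys_agree": b.key == c.key,                               # same key at both ends?
        "direct_b_to_c": sum(d.author == "B" for d in inbox["C"]),  # messages C got straight from B
        "accepted_at_c": accepted,                                  # MAC-valid texts C acted on
    }


if __name__ == "__main__":
    for atk in (OffPath(), OnPathPassive(), OnPathReplay(), InTheMiddle()):
        print(run(atk))
```

Running it prints one line per position: the off-path forgery is rejected, the passive observer changes nothing, the replayer gets the same valid message accepted twice while B's own messages still arrive directly, and only the in-the-middle case reports zero direct messages, disagreeing keys, and an altered text accepted at C.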