On-path attackers (Was: Re: Diversity and offensive terminology in RFCs)

Jari Arkko <jari.arkko@piuha.net> Fri, 21 September 2018 06:11 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81013130DFD for <ietf@ietfa.amsl.com>; Thu, 20 Sep 2018 23:11:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1nMjLURvdsYn for <ietf@ietfa.amsl.com>; Thu, 20 Sep 2018 23:11:47 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id DC4C3130DFC for <ietf@ietf.org>; Thu, 20 Sep 2018 23:11:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id D43576601AE; Fri, 21 Sep 2018 09:11:44 +0300 (EEST)
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3jWwbGasEolX; Fri, 21 Sep 2018 09:11:43 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:1829::130]) by p130.piuha.net (Postfix) with ESMTPS id B94816600CA; Fri, 21 Sep 2018 09:11:43 +0300 (EEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: On-path attackers (Was: Re: Diversity and offensive terminology in RFCs)
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <20180920194622.GB69847@isc.org>
Date: Fri, 21 Sep 2018 09:11:43 +0300
Cc: Carsten Bormann <cabo@tzi.org>, IETF <ietf@ietf.org>, John C Klensin <john-ietf@jck.com>, ynir.ietf@gmail.com
Content-Transfer-Encoding: quoted-printable
Message-Id: <7DF0DC82-B40A-441F-BFB0-78490121E530@piuha.net>
References: <cafa1282-ae6a-93de-ea4a-d100af28d8b8@digitaldissidents.org> <CAKHUCzxL8xgn2D2W9G=Qk=AXzyw4mmcqPii6GKBSiByRyxbq+Q@mail.gmail.com> <c755471a7f744fdd958759c6c5001147@exchange02.office.nic.se> <20180920170939.GA68853@isc.org> <968547d5-7e96-5c31-69a3-20456baccf1a@comcast.net> <8EF9ACE5-7D4C-4511-B9B0-FDAE121FF2B6@tzi.org> <20180920194622.GB69847@isc.org>
To: Evan Hunt <each@isc.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/aCVTb7EDJyOkPAFSO3qd17oMiXE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Sep 2018 06:11:50 -0000

Evan, Carsten, John, Yoav,

> On Thu, Sep 20, 2018 at 09:10:51PM +0200, Carsten Bormann wrote:
>> The up-to-date term of art is “middleperson attack”
> 
> Perhaps "on-path attack".


I agree.

I have actually preferred the use of the "on-path attacker” for a long time, for reasons not associated with this thread. While I have certainly used the term man-in-the-middle (and it is a widely understood term), for some reason I have found it imprecise. With “on-path” I can be accurate about the location of the attacker. It is also IMHO more nicely enhanced with additional qualifiers and variations:

on-path attacker
on-path active attacker
on-path passive attacker (or eavesdropper)
off-path attacker

The principle that should apply is the description of something in clearly understandable language, using the characteristics of that something. And adding gender to those characteristics is just technically wrong, as John points out below.

(There may be some other common attacks that deserve a good term. Or maybe I just don’t know what the term is. E.g., what is the name of an attack where there’s a central server between users, and it is the server that misbehaves?)

> As an
> example, I've always found "man-in-the-middle" terminology
> problematic, but at least as much because it implies human
> intervention rather than something more automated as because of
> gender. 

+1

> I don’t think we are promoting inclusiveness by resorting to obscure mythology

+1

Jari