Re: Security for various IETF services
Phillip Hallam-Baker <hallam@gmail.com> Wed, 09 April 2014 13:12 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 237D51A02A4 for <ietf@ietfa.amsl.com>; Wed, 9 Apr 2014 06:12:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8S5dptrh2CKu for <ietf@ietfa.amsl.com>; Wed, 9 Apr 2014 06:12:17 -0700 (PDT)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id C49BB1A028C for <ietf@ietf.org>; Wed, 9 Apr 2014 06:12:16 -0700 (PDT)
Received: by mail-la0-f47.google.com with SMTP id pn19so1126917lab.34 for <ietf@ietf.org>; Wed, 09 Apr 2014 06:12:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=iJU4fI87/k6u7JK5qX1Jka6QLnvlN1HThAA+bompvjg=; b=EG+LWPlM+6w3VMNJb/dTAoXUwnrVSbQqnGCZtEvB3ROe9bJiLvlfjHjWc3ZMgEDHlT vhvQBDE3btg24fJsvc6b95pXvAHZLR/BUG83YbHghOb0u8EWczb0hdU44Tj2OUdrJBKh 2f5yd2xMbHPJmtQc14R1QbqaFLrp2mm7ASmWzwUuFYNrIUsNRpIMDi81BfPbKFEqjv8T k/Tmc3W7wzVjo1pwleTepyMmjeZ4QOl+bjodj4cSIaXqhYTYmp5+vLp3GxRXad2rhj9T loqFByNUeq//+sZaQ4OMEr1qIwpJ7Nqe5CtySmozvLptcSIB2PeCX9fL0X0dopjUd+R2 lYmA==
MIME-Version: 1.0
X-Received: by 10.112.134.230 with SMTP id pn6mr7156618lbb.37.1397049134440; Wed, 09 Apr 2014 06:12:14 -0700 (PDT)
Received: by 10.112.234.229 with HTTP; Wed, 9 Apr 2014 06:12:14 -0700 (PDT)
In-Reply-To: <F8AEEDAE-C8BB-4979-8122-1110DFF62770@cisco.com>
References: <533D8A90.60309@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E779EEB6@EXMB01CMS.surrey.ac.uk> <p06240601cf639cb2113b@99.111.97.136> <F8AEEDAE-C8BB-4979-8122-1110DFF62770@cisco.com>
Date: Wed, 09 Apr 2014 09:12:14 -0400
Message-ID: <CAMm+LwgLxR65a1nKmKpqW39_BvgMgAGwBCxAE+eEs-9bnLdv8A@mail.gmail.com>
Subject: Re: Security for various IETF services
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "Fred Baker (fred)" <fred@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/r1MXawm1Eq22Ey3VqVYMjEVguIY
Cc: Randall Gellens <randy@qti.qualcomm.com>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Apr 2014 13:12:22 -0000
On Thu, Apr 3, 2014 at 7:40 PM, Fred Baker (fred) <fred@cisco.com> wrote: > In view of recent issues in TurkTelecom and Indosat, it seems like the simplest reason would be to ensure that data putatively obtained from the IETF would in fact be obtained from the IETF. > > From my perspective, I would support a statement to the effect that IETF technology should be obtainable using https or whatever else we are recommending as "secure." I'd also be in favor of asking IETF contributors to obtain and use PGP keys and/or DKIM encodings to sign messages. And of asking that IETF tools not reformat email in ways that corrupt data that has been signed. > > To that end, I could imagine a requirement for some kind of roadmap. "The tools that access the IETF SMTP and HTTP sites use protocols X, Y, and Z. After <date>, we require them to use Secure X, Secure Y, and Secure Z, and traffic originated by the IETF sites shall use such protocols." This sounds like a good idea. But we currently have a big problem in that the IETF has two email security standards, not one. And the two sides don't talk and this has created a stalemate that has blocked ubiquitous use of either. Today PGP has all the mindshare for encrypted messages and S/MIME has all the deployment. Neither is a success at anything approaching Internet scale. And neither is going to succeed in its current form. The only way forward is going to be to develop a new specification that is a worthy successor to both. Fortunately this is more a matter of optics than technical work. 95% of the work is already done. Any solution needs to comprise a message format, a trust model and a configuration model. And all need to be just as easy to use as regular mail is. 'Quite easy' does not cut it any more, today a security standard must have no impact at all or it won't be used. If we use the deployed infrastructure as a starting point and agree that any new scheme must support the trust models of both PGP and S/MIME, the way forward is pretty straightforward: Take the S/MIME message format and graft the PGP web of trust and fingerprint trust models onto it. What I have found is that this model is actually demonstrably more secure than either model on its own when measured against a time based work factor model. The reason to take the S/MIME message format is twofold. First it is the one that is already supported in billions of email clients. This means that if we build on the S/MIME model those clients can read encrypted messages without changing the client at all. That is a big plus since I have to be able to read any message I receive on my iPhone, iPad, and either of my two laptops and three desktops (total 7 machines). But I only need to be able to respond securely on two (though all is better of course). The other advantage to the S/MIME format is that it is a lot more mature than PGP/MIME and has been completely and thoroughly tested in the deployed mail infrastructure. I won't justify my trust model argument here since everyone who is approaching the problem in good faith should be willing to accept that the other side has good reasons for wanting their model. But in my podcast I show that a hybrid of both is superior. I explain why both is better here: http://www.youtube.com/watch?v=PBFnBpWkK8M (if people are interested I have put the whole design rationale onto YouTube). I do have code as well as specs. Right now I am working on a part of the design to make it easy to move keys from one client to another. This is necessary because if I am trying to read an encrypted message I need to be able to read it on any of my 7 machines. Right now that is a hand cranked operation but there is no reason that it can't be automatic. So I have a model that makes it easy to transfer the private decryption key to other machines. -- Website: http://hallambaker.com/
- Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Fred Baker (fred)
- RE: Security for various IETF services ned+ietf
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Pranesh Prakash
- Re: Security for various IETF services Fred Baker (fred)
- Re: Security for various IETF services Douglas Otis
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Fred Baker (fred)
- Re: Security for various IETF services Brian E Carpenter
- Re: Security for various IETF services Randy Bush
- Re: Security for various IETF services Scott Brim
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services ned+ietf
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Randy Bush
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Martin Rex
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services t.p.
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Hector Santos
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Hector Santos
- Re: Security for various IETF services Dick Franks
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Pranesh Prakash
- Re: Security for various IETF services Martin Thomson
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Stewart Bryant (stbryant)
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Hector Santos
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services ned+ietf
- Re: Security for various IETF services Tim Bray
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services David Morris
- RE: Security for various IETF services Christian Huitema
- RE: Security for various IETF services l.wood
- Re[2]: Security for various IETF services mohammed serrhini
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Randy Bush
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services S Moonesamy
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Brian Trammell
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Spencer Dawkins
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Ted Lemon
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services Matthew Kaufman (SKYPE)
- RE: Security for various IETF services Eric Gray
- Re: Security for various IETF services t.p.
- Re: Security for various IETF services Scott Brim
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Phillip Hallam-Baker
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Yoav Nir
- Re: Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Yoav Nir
- Re: Security for various IETF services Noel Chiappa
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Tim Bray
- Re: Security for various IETF services Steve Crocker
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Phillip Hallam-Baker
- Web of trust at Internet Scale Sam Hartman
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Mark Andrews
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Jelte Jansen
- Re: Security for various IETF services Stephen Kent