IETF Logo Mail Archive

Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01

t.p. <daedulus@btconnect.com> Tue, 10 December 2013 10:39 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 834131AC403 for <ietf@ietfa.amsl.com>; Tue, 10 Dec 2013 02:39:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.348
X-Spam-Level:
X-Spam-Status: No, score=-1.348 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, UNRESOLVED_TEMPLATE=1.252] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DNjjRue0z0PB for <ietf@ietfa.amsl.com>; Tue, 10 Dec 2013 02:39:43 -0800 (PST)
Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe002.messaging.microsoft.com [216.32.180.185]) by ietfa.amsl.com (Postfix) with ESMTP id 125EB1AD8F4 for <ietf@ietf.org>; Tue, 10 Dec 2013 02:39:42 -0800 (PST)
Received: from mail84-co1-R.bigfish.com (10.243.78.242) by CO1EHSOBE025.bigfish.com (10.243.66.88) with Microsoft SMTP Server id 14.1.225.22; Tue, 10 Dec 2013 10:39:37 +0000
Received: from mail84-co1 (localhost [127.0.0.1]) by mail84-co1-R.bigfish.com (Postfix) with ESMTP id 0BE0ECC042A; Tue, 10 Dec 2013 10:39:37 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.249.213; KIP:(null); UIP:(null); IPV:NLI; H:AM2PRD0710HT004.eurprd07.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: -18
X-BigFish: PS-18(zzbb2dI98dI9371I542I1dbaI1432I1418Izz1f42h2148h208ch1ee6h1de0h1fdah2073h2146h1202h1e76h20f7h2189h1d1ah1d2ah1fc6hzz8275ch1de098h1033IL17326ah8275bh8275dh1de097h186068hz2dh2a8h5a9h839h947hd24hf0ah1177h1179h1288h12a5h12a9h12bdh137ah139eh13b6h1441h1504h1537h162dh1631h1758h17f1h184fh1898h18e1h1946h19b5h19ceh1ad9h1b0ah2222h224fh1d0ch1d2eh1d3fh1dfeh1dffh1e1dh1e23h2218h2216h226dh22d0h2327h2336h304l1d11m1155h)
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009001)(51704005)(13464003)(479174003)(377454003)(51444003)(199002)(76104003)(24454002)(189002)(81342001)(81542001)(14496001)(62966002)(76796001)(74706001)(74662001)(76786001)(47446002)(31966008)(74876001)(74502001)(77096001)(50466002)(77156001)(15202345003)(61296002)(33646001)(74366001)(69226001)(90146001)(56816005)(89996001)(44716002)(62236002)(79102001)(47776003)(63696002)(80022001)(15975445006)(88136002)(66066001)(65816001)(19580395003)(83322001)(19580405001)(87286001)(87266001)(80976001)(87976001)(59766001)(4396001)(77982001)(50226001)(49866001)(47736001)(50986001)(84392001)(23756003)(53806001)(51856001)(46102001)(47976001)(54316002)(42186004)(76482001)(83072002)(85306002)(56776001)(85852003)(44736004)(74416001)(7726001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM3PR07MB244; H:AMXPRD0310HT004.eurprd03.prod.outlook.com; CLIP:157.56.248.133; FPR:; RD:InfoNoRecords; A:0; MX:1; LANG:en;
Received: from mail84-co1 (localhost.localdomain [127.0.0.1]) by mail84-co1 (MessageSwitch) id 1386671975104884_25738; Tue, 10 Dec 2013 10:39:35 +0000 (UTC)
Received: from CO1EHSMHS015.bigfish.com (unknown [10.243.78.225]) by mail84-co1.bigfish.com (Postfix) with ESMTP id 156E4700047; Tue, 10 Dec 2013 10:39:35 +0000 (UTC)
Received: from AM2PRD0710HT004.eurprd07.prod.outlook.com (157.56.249.213) by CO1EHSMHS015.bigfish.com (10.243.66.25) with Microsoft SMTP Server (TLS) id 14.16.227.3; Tue, 10 Dec 2013 10:39:34 +0000
Received: from AM3PR07MB244.eurprd07.prod.outlook.com (10.242.18.154) by AM2PRD0710HT004.eurprd07.prod.outlook.com (10.255.165.39) with Microsoft SMTP Server (TLS) id 14.16.383.1; Tue, 10 Dec 2013 10:39:13 +0000
Received: from AMXPRD0310HT004.eurprd03.prod.outlook.com (157.56.248.133) by AM3PR07MB244.eurprd07.prod.outlook.com (10.242.18.154) with Microsoft SMTP Server (TLS) id 15.0.837.10; Tue, 10 Dec 2013 10:39:12 +0000
Message-ID: <026401cef593$9e783a00$4001a8c0@gateway.2wire.net>
From: "t.p." <daedulus@btconnect.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, l.wood@surrey.ac.uk
References: <290E20B455C66743BE178C5C84F1240847E5103799@EXMB01CMS.surrey.ac.uk>, <2C66A416-5F07-4803-A4C0-BB61734BA42E@nominum.com> <290E20B455C66743BE178C5C84F1240847E510379A@EXMB01CMS.surrey.ac.uk>, <529F7690.2050302@gmx.net> <290E20B455C66743BE178C5C84F1240847E510379C@EXMB01CMS.surrey.ac.uk>, <52A1BBBC.9090509@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E510379D@EXMB01CMS.surrey.ac.uk>, <52A4D7D9.9000603@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E510379F@EXMB01CMS.surrey.ac.uk> <52A4ED90.7020308@gmx.net>
Subject: Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01
Date: Tue, 10 Dec 2013 10:14:43 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [157.56.248.133]
X-ClientProxiedBy: AMSPR07CA017.eurprd07.prod.outlook.com (10.242.225.175) To AM3PR07MB244.eurprd07.prod.outlook.com (10.242.18.154)
X-Forefront-PRVS: 005671E15D
X-FOPE-CRA-Verdict: 157.56.249.213$surrey.ac.uk%13189%4%btconnect.com%False%False%0$
X-OriginatorOrg: btconnect.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%0$Dn%SURREY.AC.UK$RO%1$TLS%0$FQDN%$TlsDn%
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2013 10:39:46 -0000

----- Original Message -----
From: "Hannes Tschofenig" <hannes.tschofenig@gmx.net>
To: <l.wood@surrey.ac.uk>; <stephen.farrell@cs.tcd.ie>
Cc: <ietf@ietf.org>
Sent: Sunday, December 08, 2013 10:07 PM

> Lloyd, I think we have expressed our positions here. I fear no
additional views from my side will change your positions on that topic.
You are just not a big fan of security.

<tp>
Lest it be thought that the same applies to me, let it be clear that I
am a MASSIVE fan of security, security being authentication,
authentication and authentication (with integrity not far behind, and
encryption, well you know my views on that).

It is phishing and its derivatives that I see as most damaging to the
general users of the Internet, such as I; and every time I hear the
media say, 'look for the padlock on the screen' I think 'another bunches
of lambs being led to the slaughter'. And I think that the IETF is not
doing what it should when it does not pay more attention to that.  What
did we do with "draft-hartman-webauth-phishing-05.txt"?

Tom Petch

> If I have a wrong impression drop me a note and we do a quick off-list
chat.
>
> Ciao
> Hannes
>
> On 12/08/2013 09:46 PM, l.wood@surrey.ac.uk wrote:
> >>> Stephen,
> >>>
> >>> I've no idea what you think you mean when you say 'moving beyond
> >>> mandatory to implement'. My take is that encryption should never
be
> >>> mandatory to implement.
> >> MTI security is what's called for by BCP 61.
> > ...only for standards-track protocols.
> >
> > And that document asks 'is encryption  a MUST' and sensibly answers
'no'
> > as far as confidentiality goes. draft-farrell-perpass-attack goes
beyond
> > that to insist on confidentiality everywhere.
> >
> > So, your take on MTI seems far far broader than that in BCP 61.
> >
> > [..]
> >
> >>> I did not discuss processing cost, though that's also relevant,
> >>> particularly for low-end systems.
> >>>
> >>> My concern is that the cost to designers of trying to design
> >>> transport protocols becomes unacceptably high, as any attempt
> >>> to design a transport protocol becomes defending against the
design
> >>> of what has just become a security protocol.
> >> I also meant that. Arguing that we don't know how to engineer
> >> this is also a fine 1990's era argument.
> > DTNRG (late 2000s, yet still persisting as a group as e.g. the TCP
> > convergence layer isn't published yet) is a much more recent example
> > of this.
> >
> >
> >>> I view the failure of DTNRG work - where tailoring for the DTN
> >>> scenario was dropped in favour of emphasising security work, and
> >>> problems with the protocol would be fixed by the security
framework,
> >>> but weren't - as an example of this. And where the IRTF leads,
> >>> the IETF follows.
> >> Your and my descriptions of about 90% of things related to DTN
> >> seem to be at odds. And that's the case here too.
> > Damn right.
> >
> > Lloyd Wood
> > http://sat-net.com/L.Wood/dtn
>
>

v2.23.0 | Report a Bug | By Email