Re: On-path attackers (Was: Re: Diversity and offensive terminology in RFCs)

Ted Lemon <mellon@fugue.com> Fri, 21 September 2018 14:44 UTC

Cc: IETF Discussion <ietf@ietf.org>
To: Donald Eastlake <d3e3e3@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/utvzcxuhq5gq-sOQHutEuHoDbXM>

On Sep 21, 2018, at 9:48 AM, Donald Eastlake <d3e3e3@gmail.com> wrote:
> Thus all X-in-the-middle attackers are "on-path active attackers" but
> not all "on-path active attackers" are X-in-the-middle attackers. For
> example I do not consider an on-line active attacker that observes
> traffic and just inserts new messages to mess things up, for example a
> replay attacker, to be an X-in-the-middle attacker.

I don't actually think we need to change this particular term, but if we decide that it is worth changing, there are some fairly obvious ways to address your concern here. E.g., "agent-in-the-middle" or "on-path interception."

I tend to agree with Jari that the technical reason for using clearer terminology is strong; man-in-the-middle is often used for types of on-path attack that you are, rightly, excluding here.