IETF Logo Mail Archive

Re: draft-dukhovni-opportunistic-security-04

Paul Wouters <paul@nohats.ca> Wed, 27 August 2014 15:49 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E410B1A0AF2 for <ietf@ietfa.amsl.com>; Wed, 27 Aug 2014 08:49:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.769
X-Spam-Level:
X-Spam-Status: No, score=-0.769 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T3Z-y7j-_x6t for <ietf@ietfa.amsl.com>; Wed, 27 Aug 2014 08:49:01 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 512061A0AE7 for <ietf@ietf.org>; Wed, 27 Aug 2014 08:49:01 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id D5BC282E12 for <ietf@ietf.org>; Wed, 27 Aug 2014 11:48:59 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1409154540; bh=gDrj7XP6F9kRIY7fblwjU9dPlB/WVGtI7fe111dJzuA=; h=Date:From:To:Subject:In-Reply-To:References; b=tVA8QQfMjwHZkRQpHg0x+ng1PxsYJwJUxiv7scA6xcFJjJcLC3Dui+oFzujHsuURw hYgs+EL683lqhrJf5AUAzInHdxxEGlB27G3yQ7fv2tYcyukhI4Woj1Y5liG/IAJF8F Wd5m4KzdZV1NOX/HRzG7hMPfr0y96R02V0q2bCRE=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id s7RFmxKg030156 for <ietf@ietf.org>; Wed, 27 Aug 2014 11:48:59 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Wed, 27 Aug 2014 11:48:59 -0400
From: Paul Wouters <paul@nohats.ca>
To: IETF Discussion <ietf@ietf.org>
Subject: Re: draft-dukhovni-opportunistic-security-04
In-Reply-To: <53FD5AA3.90703@dcrocker.net>
Message-ID: <alpine.LFD.2.10.1408271103440.32412@bofh.nohats.ca>
References: <53FD5AA3.90703@dcrocker.net>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/wgYWDEG_9DVEBpEjwJnzO4tyPCY
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Aug 2014 15:49:03 -0000

On Tue, 26 Aug 2014, Dave Crocker wrote:

> Subject: draft-dukhovni-opportunistic-security-04

ExecSum: The document sits between a "generic advise" and "specific
protocol recommendations" and accomplishes neither. The definition
is unclear and the used language makes this document hard to read,
especially for non-native English speakers.

> This is spite of the fact that /nearly every word/ of the newest draft
> is new.

While that in itself isn't a problem, as Stephen said when talking about
a two page RFC of this kind, I do find most of my textual changes that
I proposed to make the document more readab le have been rejected for
far more prosaic fluff language:

    Broadly speaking, Opportunistic Security (OS) is a pragmatic risk
    management approach.  With Opportunistic Security, one applies the
    tools at hand to mitigate the risks that can reasonably be addressed,
    and accepts the rest.

    Definition:  In the context of communications protocols,
       "Opportunistic Security" is defined as the use of encryption when
       possible, with authentication when possible.  In the above, the
       phrase "when possible" means when support for the corresponding
       capability is advertised by the peer, ideally in a downgrade-
       resistant manner.

This in my opinion is not very good text at all compared to much
simplier phrasing. Especially in light on non-native English speakers.
Doubly so for being the introduction text of the document.

I'm also really unhappy about language like:

 	this risk is consistent with the expected level of protection

 	This last outcome [...]

 	if and when all but a negligible fraction [...]

 	In essence, [...]

 	This document proposes a change of perspective. [...]

 	Now, with OS, the new viewpoint is that without specific
 	knowledge of peer capabilities (or applicable local policy),
 	the default protection is no protection, and anything more than
 	that is an improvement.

 	In this document, the word "opportunistic" carries a positive
 	connotation. [...]

 	In such a situation [...]

While "design principle" is a better choice compared to the previous
"design pattern", I still feel it is working around defining a precise
and concrete definition.

I still find the definition of OS to be unclear. It roughly means "use
existing auth/encr protocols, but try unauthenticated encryption in their
absence" but it is unclear when "other protocols" stand on their own
and when those other protocols are "part of OS". Which again comes down
to this really being opportunistic encryption, but people are afraid
of moving towards a definition defining "if other protocols offer no
authenticated encryption, try to throw in unauthenticated encryption".
Because then it becomes clear we are talking about "OE" and not "OS".
So OS keeps including and excluding the "other protocols" throughout
the document.  Example:

 	Opportunistic security protocols may hard-fail with peers for which a
 	security capability fails to function as advertised.

This clashes with the idea that OS must always soft-fail, because the
above listed "advertised capability" is really the "other protocol"
part. Eg, if DANE is used, we have an authenticated protocol, and "OS"
does not really apply at all. The "Opportunistic" part is really a MUST
for soft-fail. That is, if OS is a protocol addition or protocol feature
(or design principle) of unauthenticated encryption, it never hard-fails.
The text does state that, but doing so while squirming around the
definition.

A new section 5 was added that states:

 	OS protocols may need to employ "fallback", to work-around a failure
 	of a security mechanisms that is found in practice to encounter
 	interoperability problems.

This really sabotages the entire document. Again, because the term OS
is unclear. Should my "OS enhanced" IMAP authenticated channel stop using
encryption when there are interoperabilty problems? This documents
suggests that might be valid. If it is making a statement about the
mandatory encryption part of other protocols, it should not even make
any statement regarding applying work-arounds.

 	When protection only against passive attacks is negotiated over a
 	channel vulnerable to active downgrade attacks, and the use of
 	encryption fails, a protocol might elect non-intrusive fallback to
 	cleartext.

Apart from the hard to read sentence, "might elect" ? And seeing there
is non-intrusive fallback, is there intrusive fallback? What does this
even mean? The "design principle" is to give to user LESS toggles, but
this text just ADDS another security toggle. I thought "OS" was all
about adding security opportunisticly without needing the user or
toggles.

In my opinion, this document needs a lot of work. There needs to be
agreement on what it is trying to say, and needs better text saying
that. What this really comes down to, is that one is better of not
reading this 6 page document and telling protocol designers:

 	In absence of authenticated encryption, use un-authenticated
 	encryption with fallback to cleartext, transparent to the user.

That should be a 1 page RFC.

Paul

v2.37.1 | Report a Bug | By Email | System Status