Re: [mile] Benjamin Kaduk's Discuss on draft-ietf-mile-xmpp-grid-09: (with DISCUSS and COMMENT)

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Mon, 04 March 2019 21:25 UTC

From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Alexey Melnikov <aamelnikov@fastmail.fm>
CC: The IESG <iesg@ietf.org>, "mile@ietf.org" <mile@ietf.org>, "mile-chairs@tools.ietf.org" <mile-chairs@tools.ietf.org>, "takeshi_takahashi@nict.go.jp" <takeshi_takahashi@nict.go.jp>, "draft-ietf-mile-xmpp-grid@ietf.org" <draft-ietf-mile-xmpp-grid@ietf.org>, "mile-chairs@ietf.org" <mile-chairs@ietf.org>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-mile-xmpp-grid-09: (with DISCUSS and COMMENT)
Date: Mon, 04 Mar 2019 21:25:23 +0000
Message-ID: <373B07D7-B122-41BA-A877-033AE87F1065@cisco.com>
References: <154830236119.7369.16213460588216390150.idtracker@ietfa.amsl.com> <1548331471.370290.1642501848.3FF05D24@webmail.messagingengine.com> <20190124143910.GL81907@kduck.mit.edu>
In-Reply-To: <20190124143910.GL81907@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/Cc0a2h2k0Bh1Ktv70-4J3psiVmY>
Subject: Re: [mile] Benjamin Kaduk's Discuss on draft-ietf-mile-xmpp-grid-09: (with DISCUSS and COMMENT)
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 21:25:57 -0000

Apologies for the prolonged delay in responding.  Please see below:

On 1/24/19, 06:39, "Benjamin Kaduk" <kaduk@mit.edu> wrote:

    On Thu, Jan 24, 2019 at 12:04:31PM +0000, Alexey Melnikov wrote:
    > Hi Benjamin,
    > 
    > Thank you for your comments.
    > 
    > I will let editors reply to your comments, but I will quickly comment one part of your DISCUSS:
    > 
    > On Thu, Jan 24, 2019, at 3:59 AM, Benjamin Kaduk wrote:
    > > ----------------------------------------------------------------------
    > > DISCUSS:
    > > ----------------------------------------------------------------------
    > > 
    > > In the vein of Alissa's comments, I think this document does not adequately
    > > present the normative requirements for an implementation of the "XMPP
    > > Grid".  As far as I can tell, these requirements are just relating to the
    > > communications security measures used to protect XMPP traffic, per Section
    > > 8.3.  (Adhering to the MTI and MTN requirements of RFC 6120 does not seem
    > > like a new requirement.)  The main bulk of the document consists of
    > > examples that show how to use standard XMPP functionality to discover
    > > pubsub streams that convey data (types) that are of relevance for the types
    > > of behavior that MILE is interested in (e.g., security incident reporting
    > > and discovery), with inline mention of which XMPP features are used to
    > > negotiate and discover the streams in question.  (Several of my comments
    > > are related to this Discuss point.)
    > 
    > I think you and Alissa are right that the document needs to be clearer on whether it just relies on RFC 6120 and various XEP requirements or whether it adds any of its own.
[NCW] I have updated the draft to make it explicit that it solely relies on XMPP; nothing new is added other than implementation guidelines and applicability to sharing security information.
    > 
    > > I also think this document does not adequately justify restricting to just
    > > the EXTERNAL and SCRAM families of SASL mechanisms;
    > 
    > I want to push back on this. The document is adding a new requirement on top of what RFC 6120 requires; these are effectively new mandatory-to-implement SASL mechanisms for using XMPP with grids. Ideally this would be a single SASL mechanism, but I think one password based and one X.509 based is a good compromise here.
    
    Dave has correctly inferred that my objection is to the "mandatory to use"
    -- these are fine mandatory-to-implement choices.  I think we could move
    away from the "MUST authenticate [...] using" language to a combination of
    "MUST authenticate using a mechanism that provides strong authentication,
    transport encryption, ...", and "in order to establish a common baseline
    for XMPP-Grid usage, participants MUST implement [EXTERNAL and SCRAM]".
[NCW] That is fair.  I've removed the offending sentence and also made the MTI for SASL EXTERNAL or SCRAM clearer.
    
    >  there are other
    > > mechanisms in use that provide equivalent or better security properties,
    > > and this sort of unjustified restriction is detrimental to the evolution of
    > > the Internet.
    > 
    > Let's not exaggerate here. If you want to suggest one or two alternative choices for mandatory to implement SASL mechanism for XMPP grids, I think you need to make a better argument in front of the WG.
    
    (possibly OBE) My point here is something like "suppose I already have
    Kerberos set up, or whatever the latest hotness in authentication is.  Why
    do I have to set up some SCRAM infrastructure or try to shim my thing into
    EXTERNAL instead of using it as native SASL?"
[NCW] Hopefully the updates address this; if not, please provide suggestions to improve the intent for interoperability given what XMPP has defined.
    
    -Benjamin
    
    > > The current requirements on SASL mechanisms also seem inconsistent with the
    > > claims in the threat model that the controller can obtain credentials to
    > > allow impersonation of platforms; RFC 5802 (SCRAM) is quite explicit that
    > > "The server does not gain the ability to impersonate the client to other
    > > servers", and my understanding is that usage of EXTERNAL is generally not
    > > susceptible to this threat.  (A bit more discussion in the COMMENT section.)
    > 
    > I agree that this needs to be reviewed.
    > 
    > Best Regards,
    > Alexey
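
The mandatory-to-implement versus mandatory-to-use distinction the thread settles on, as an added example that is not from the draft or from either author: a hypothetical XMPP-Grid client checks that it implements the EXTERNAL/SCRAM baseline, parses the server's RFC 6120 SASL stream feature, and then negotiates the strongest mechanism both sides support, which may be one outside the baseline (GSSAPI stands in for the "I already have Kerberos" case). The function names, the preference order and the sample feature XML are assumptions constructed for this illustration.

```python
"""Added example (not from the draft or the thread): SASL mechanism policy
for a hypothetical XMPP-Grid client, separating MTI from mandatory-to-use."""
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"  # RFC 6120 SASL namespace

# Baseline the thread converges on: participants MUST implement these.
MTI_MECHANISMS = {"EXTERNAL", "SCRAM-SHA-1"}

# Mechanisms this client treats as strong, in preference order (assumption).
STRONG_PREFERENCE = ["EXTERNAL", "GSSAPI", "SCRAM-SHA-256-PLUS",
                     "SCRAM-SHA-1-PLUS", "SCRAM-SHA-256", "SCRAM-SHA-1"]

# Constructed stream-features stanza as a server would send it (RFC 6120 6.4.1).
SAMPLE_FEATURES = """
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>EXTERNAL</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""


def check_mti(implemented):
    """Return the MTI mechanisms this implementation lacks (empty = compliant)."""
    return MTI_MECHANISMS - set(implemented)


def parse_mechanisms(stream_features_xml):
    """List the mechanisms advertised in the server's <mechanisms/> feature."""
    root = ET.fromstring(stream_features_xml)
    return [m.text.strip() for m in root.iter(f"{{{SASL_NS}}}mechanism") if m.text]


def select_mechanism(offered, implemented, have_client_cert, tls_active):
    """Pick the strongest mechanism both sides support; None if no strong
    common mechanism exists. EXTERNAL needs a TLS client certificate, and
    nothing is selected before TLS is up (the draft's communications security
    requirement, taken as given here); PLAIN is never chosen."""
    if not tls_active:
        return None
    usable = set(offered) & set(implemented)
    for mech in STRONG_PREFERENCE:
        if mech in usable and not (mech == "EXTERNAL" and not have_client_cert):
            return mech
    return None
```

Implementing the baseline and then using GSSAPI when both peers offer it is exactly the "MTI but not mandatory-to-use" outcome; a client that implements only SCRAM would still interoperate with this server, just via the baseline.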