IETF Logo Mail Archive

Re: [mile] Artart last call review of draft-ietf-mile-rolie-10

Benjamin Kaduk <kaduk@mit.edu> Mon, 16 October 2017 01:43 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEEF41332DA; Sun, 15 Oct 2017 18:43:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id auoN8ggvMH8W; Sun, 15 Oct 2017 18:43:06 -0700 (PDT)
Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B68F812895E; Sun, 15 Oct 2017 18:43:05 -0700 (PDT)
X-AuditID: 12074424-8a5ff70000004fa7-d2-59e40ea61300
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 45.E4.20391.7AE04E95; Sun, 15 Oct 2017 21:43:03 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id v9G1h1NZ009738; Sun, 15 Oct 2017 21:43:01 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v9G1guMP002994 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 15 Oct 2017 21:42:59 -0400
Date: Sun, 15 Oct 2017 20:42:57 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, ART Area <art@ietf.org>, MILE IETF <mile@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, draft-ietf-mile-rolie.all@ietf.org
Message-ID: <20171016014256.GK96685@kduck.kaduk.org>
References: <150752570618.18384.5615358468704377459@ietfa.amsl.com> <20171009235717.GN96685@kduck.kaduk.org> <CABkgnnXdq6GKBXrowPTva1MU+X6WSMR2uB7df-2oHaKv=_2rdA@mail.gmail.com> <CAHbuEH5C_GAkeLj6Pda5usY4PYXb1uwY8jzwnnvAV6Ao7v+d2A@mail.gmail.com> <CABkgnnU8BAdaB05-VQR6R=Ei-E_Ji=OZvVXa=JzX=UoFFDS2wA@mail.gmail.com> <1D786709-4F2C-4D39-B55D-A4F9EBE82C99@gmail.com> <CABkgnnU=FJvYzjK0B8z3Ry=W9DXzd98Miw8YB2cP9r0tFeef8A@mail.gmail.com> <CAHbuEH7dC7TcgzYmEEjfRh5HHcu4Mu1eOm9MWzq8EH9v3EGTmw@mail.gmail.com> <CABkgnnVS+h_A8Yz5fYn0SLXnnCHLLO6vFRnU+6kvnedR-=rPWg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABkgnnVS+h_A8Yz5fYn0SLXnnCHLLO6vFRnU+6kvnedR-=rPWg@mail.gmail.com>
User-Agent: Mutt/1.8.3 (2017-05-23)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrLIsWRmVeSWpSXmKPExsUixCmqrbuc70mkwasnyhYr7npY/L/zl93i 2cb5LBYNO/Mtrp35x2ix538fkwObx85Zd9k9liz5yRTAFMVlk5Kak1mWWqRvl8CV8fuWa8Fh iYpJcw+yNzBeF+5i5OSQEDCRaH5zhLWLkYtDSGAxk8TaxQ8ZIZyNjBJH7j9kB6kSErjKJPFn UQyIzSKgKrF9TwNYnE1ARaKh+zIziC0ioCux6OwDdpBmZoHDjBJrz58HKxIWcJDY/qMJrIgX aN3xX++hNpxmkTh4chEbREJQ4uTMJywgNrOAlsSNfy+Zuhg5gGxpieX/OEDCnAKBEruvXQYr ERVQlpi3bxXbBEaBWUi6ZyHpnoXQvYCReRWjbEpulW5uYmZOcWqybnFyYl5eapGuuV5uZole akrpJkZQKLO7qOxg7O7xPsQowMGoxMO74tzjSCHWxLLiytxDjJIcTEqivOdaH0YK8SXlp1Rm JBZnxBeV5qQWH2KU4GBWEuHdy/skUog3JbGyKrUoHyYlzcGiJM67LWhXpJBAemJJanZqakFq EUxWhoNDSYJ3FUijYFFqempFWmZOCUKaiYMTZDgP0PAesOHFBYm5xZnpEPlTjIpS4rySIAkB kERGaR5cLyjVSGTvr3nFKA70ijDvdpAqHmCagut+BTSYCWjwu4gHIINLEhFSUg2MK6NKy6LX Of9w+ul4umZXUO6sBaJNZnbXF7zdfeW2nULSkbd7zRrbuDd3PGz46/92QdOXQruy+rfqvj+/ hE/TkbjO6ujkM7f+aPKB3Ng/tzqZrmWfVv/uJpDc/3C1zaM/HLMvLk9t/7IwPuhtt6Fj/+XT Fz9snuCXpz/5Q9eVEN6dH2+2B+0PUWIpzkg01GIuKk4EAMPnNXcQAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/PV6AAFZAVSOdjfSrakkomsyzDlE>
Subject: Re: [mile] Artart last call review of draft-ietf-mile-rolie-10
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 01:43:08 -0000

Sorry for the slow response to this thread; I wanted to have a closer
read of the ROLIE document itself (and not just the cherry-picked
TLS-specific bits).

On Mon, Oct 16, 2017 at 11:45:59AM +1100, Martin Thomson wrote:
> On Sat, Oct 14, 2017 at 1:20 AM, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
> > The systems running ROLIE will be ones that enterprises will regard as
> > high value assets. Replay attack and lack of forward secrecy aren't
> > acceptable.  The same will be true of many other HTTP enabled
> > services.  A performance gain isn't worth the trade off.
> 
> My point isn't to reject this sort of analysis, which is possibly
> correct, but to point out that this analysis is one that a deployment
> makes based on the circumstances
> 
> Everyone thinks that their thing is a special snowflake, and that's
> OK, but you are asking for a levy on all implementations that would
> prevent use of 0-RTT in all deployments.  I think that is
> inappropriate.  I don't want to see every draft that the IETF ever
> published making its own assessment and a policy statement regarding
> this particular feature.  (We don't mandate a particular
> authentication mechanism here either.)

Every draft doesn't have to; in the absense of an explicit statement
it is assumed that 0-RTT should not be used.

But, for protocols built on top of HTTP, perhaps things are not
as clear cut.

> Note that TLS 1.3 permits resumption without forward secrecy.  It's
> not widely implemented that way, but it is possible.  If you care
> about forward secrecy (I'm not sure that it's especially critical in
> this context given the time-sensitive nature of the information you
> are talking about), then you have to make statements about that as
> well.  But again, I would not on the same grounds: the purpose of this
> work is to define what interoperability looks like, not to legislate
> deployment configuration.  Explain the trade-off and let the
> operational teams do their work.

My main consideration is that the ROLIE document we're talking about
is a framework, and does not define any information types itself.  So,
you are asking the operational teams to know and anlayze not just what
events they are currently handling but also all types that might be
handled in the future, which seems like an intractable analysis for
them to perform.  But yes, you are right that a statement about forward
secrecy as a requirement would be appropriate.

I'm also quite reluctant to provide a general recommendation to send
client-authenticated requests in 0-RTT, as it still seems too risky to me.

I also don't see how preventing the use of 0-RTT is supposed to be
a "levy on all implementations".  It seems to only require *not* adding
additional code/logic to handle 0-RTT.  I could perhaps see calling it
a "levy on deployments" that are unable to take advantage of the
performance benefits, but given the large number of unknowns in what
will be conveyed via ROLIE, it seems to me an unwarranted risk to try
to take advantage of those benefits in general.

-Ben

v2.23.0 | Report a Bug | By Email