Re: [mile] Ben Campbell's Discuss on draft-ietf-mile-xmpp-grid-09: (with DISCUSS and COMMENT)

Peter Saint-Andre <stpeter@mozilla.com> Mon, 25 March 2019 13:52 UTC

From: Peter Saint-Andre <stpeter@mozilla.com>
To: Ben Campbell <ben@nostrum.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-mile-xmpp-grid@ietf.org" <draft-ietf-mile-xmpp-grid@ietf.org>, "mile@ietf.org" <mile@ietf.org>, "mile-chairs@tools.ietf.org" <mile-chairs@tools.ietf.org>, Takeshi Takahashi <takeshi_takahashi@nict.go.jp>, "mile-chairs@ietf.org" <mile-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/l4cpX8E0qmd_M2CEBjUwSt6bXs0>

On 3/24/19 3:14 PM, Peter Saint-Andre wrote:
> On 3/24/19 1:32 PM, Ben Campbell wrote:
>> Hi, apologies for not getting back to this sooner. I’m trying to close
>> or clarify my DISCUSS points prior to stepping down from the IESG this
>> week. Please see inline:
>>
>> Thanks!
>>
>> Ben.
>>
>>> On Mar 4, 2019, at 6:49 PM, Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com> wrote:
>>>
>>> Hi Ben,
>>>     Thanks for the careful review and comments, please see answers below:
>>>
>>>     On 1/22/19, 19:14, "Ben Campbell" <ben@nostrum.com> wrote:
>>>

<snip/>

>>>         2) The security considerations suggest that the use of TLS mitigates all of
>>>         the "network attacks". However, the potential for eavesdropping or data
>>>         modification are only mentioned in terms of such "network attacks". It is also
>>>         possible for the controller (aka XMPP server) to do those things unless some
>>>         sort of e2e protection is used. This is not discussed in the sections about how
>>>         the controller is trusted, nor is it discussed in the countermeasures sections.
>>>         There is a mention of e2e protection in the privacy considerations, but I think
>>>         that really needs treatment under the security considerations.
>>>     [NCW] Section 8.2.3 does try to delineate the controller attacks, but we can add the
>>>     notion of eavesdropping and modification attacks there as well. As to the considerations,
>>>     we can add in 8.3.3 a sentence to the effect of using e2e protection to address this attack.
>>
>> Unless you expect to really have e2e protection, it’s more important to
>> discuss the effects of not having it.
> 
> True. I'll draft text about that (probably later today).

I propose adding a new subsection under "Countermeasures":

8.3.6.  End-to-End Encryption of Messages

   Because it is expected that there will be a relatively large number
   of Consumers for every Topic, for purposes of content discovery and
   scaling this document specifies a "one-to-many" communications
   pattern using the XMPP Publish-Subscribe extension.  Unfortunately,
   there is no standardized technology for end-to-end encryption of one-
   to-many messages in XMPP.  This implies that messages can be subject
   to eavesdropping, data injection, and data modification attacks
   within a Broker or Controller.  If it is necessary to mitigate
   against such attacks, implementers would need to select a messaging
   pattern other than [XEP-0060], most likely the basic "instant
   messaging" pattern specified in [RFC6121] with a suitable XMPP
   extension for end-to-end encryption (such as [RFC3923] or a more
   modern method such as [XEP-0384]).  The description of such an
   approach is out of scope for this document.

Peter
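
Added example, not part of the message above or of the draft: a small simulation of the Provider -> Broker -> Consumer path showing why hop-by-hop TLS leaves a pubsub item readable and modifiable inside the Broker. The item format, the "mac" attribute and the shared key are assumptions; the HMAC is only a stand-in for a real end-to-end scheme and covers modification and injection, not eavesdropping, which needs encryption.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed key, assumed to be shared out of band by Provider and Consumers only.
E2E_KEY = b"constructed-demo-key"

def _mac(key, topic, payload):
    return hmac.new(key, f"{topic}\n{payload}".encode(), hashlib.sha256).hexdigest()

def publish(topic, payload, e2e_key=None):
    """Provider: build a simplified pubsub item, optionally with an e2e tag."""
    item = ET.Element("item")
    ET.SubElement(item, "payload").text = payload
    if e2e_key is not None:
        item.set("mac", _mac(e2e_key, topic, payload))  # hypothetical attribute
    return topic, ET.tostring(item, encoding="unicode")

def broker_forward(stanza, tamper=None):
    """Broker: the Provider's TLS session ends here, so the item is plaintext."""
    topic, item_xml = stanza
    item = ET.fromstring(item_xml)
    seen = item.find("payload").text  # readable without any extra step
    if tamper is not None:
        item.find("payload").text = tamper(seen)
    return seen, (topic, ET.tostring(item, encoding="unicode"))

def consume(stanza, e2e_key=None):
    """Consumer: return (payload, verdict) for a forwarded item."""
    topic, item_xml = stanza
    item = ET.fromstring(item_xml)
    payload = item.find("payload").text
    if e2e_key is None:
        return payload, "unverifiable"
    ok = hmac.compare_digest(_mac(e2e_key, topic, payload), item.get("mac", ""))
    return payload, "authentic" if ok else "rejected"

def demo():
    report = "indicator: 198.51.100.7"  # constructed sample payload
    rewrite = lambda text: text.replace("198.51.100.7", "203.0.113.9")
    seen, fwd = broker_forward(publish("incidents", report), tamper=rewrite)
    tls_only = consume(fwd)
    _, fwd = broker_forward(publish("incidents", report, E2E_KEY), tamper=rewrite)
    tampered = consume(fwd, E2E_KEY)
    _, fwd = broker_forward(publish("incidents", report, E2E_KEY))
    intact = consume(fwd, E2E_KEY)
    return seen, tls_only, tampered, intact

if __name__ == "__main__":
    print(demo())
```

With TLS alone the Consumer accepts the altered item because it has nothing to check it against; with the end-to-end tag the same alteration is rejected, while the Broker can still read the payload in both cases.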