Re: [mile] Benjamin Kaduk's Discuss on draft-ietf-mile-xmpp-grid-09: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Thu, 24 January 2019 14:39 UTC

Date: Thu, 24 Jan 2019 08:39:11 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
CC: The IESG <iesg@ietf.org>, mile@ietf.org, mile-chairs@tools.ietf.org, takeshi_takahashi@nict.go.jp, draft-ietf-mile-xmpp-grid@ietf.org, mile-chairs@ietf.org
Message-ID: <20190124143910.GL81907@kduck.mit.edu>
References: <154830236119.7369.16213460588216390150.idtracker@ietfa.amsl.com> <1548331471.370290.1642501848.3FF05D24@webmail.messagingengine.com>
In-Reply-To: <1548331471.370290.1642501848.3FF05D24@webmail.messagingengine.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/tqY4V4zlcak1updzSSyymtNhLAI>
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>

On Thu, Jan 24, 2019 at 12:04:31PM +0000, Alexey Melnikov wrote:
> Hi Benjamin,
> 
> Thank you for your comments.
> 
> I will let editors reply to your comments, but I will quickly comment one part of your DISCUSS:
> 
> On Thu, Jan 24, 2019, at 3:59 AM, Benjamin Kaduk wrote:
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> > 
> > In the vein of Alissa's comments, I think this document does not adequately
> > present the normative requirements for an implementation of the "XMPP
> > Grid".  As far as I can tell, these requirements are just relating to the
> > communications security measures used to protect XMPP traffic, per Section
> > 8.3.  (Adhering to the MTI and MTN requirements of RFC 6120 does not seem
> > like a new requirement.)  The main bulk of the document consists of
> > examples that show how to use standard XMPP functionality to discover
> > pubsub streams that convey data (types) that are of relevance for the types
> > of behavior that MILE is interested in (e.g., security incident reporting
> > and discovery), with inline mention of which XMPP features are used to
> > negotiate and discover the streams in question.  (Several of my comments
> > are related to this Discuss point.)
> 
> I think you and Alissa are right that the document needs to be clearer on whether it just relies on RFC 6120 and various XEP requirements or whether it adds any of its own.
> 
> > I also think this document does not adequately justify restricting to just
> > the EXTERNAL and SCRAM families of SASL mechanisms;
> 
> I want to push back on this. The document is adding a new requirement on top of what RFC 6120 requires; this is effectively a new set of mandatory-to-implement SASL mechanisms for using XMPP with grids. Ideally this would be a single SASL mechanism, but I think one password-based and one X.509-based is a good compromise here.

Dave has correctly inferred that my objection is to the "mandatory to use"
-- these are fine mandatory-to-implement choices.  I think we could move
away from the "MUST authenticate [...] using" language to a combination of
"MUST authenticate using a mechanism that provides strong authentication,
transport encryption, ...", and "in order to establish a common baseline
for XMPP-Grid usage, participants MUST implement [EXTERNAL and SCRAM]".

> > there are other
> > mechanisms in use that provide equivalent or better security properties,
> > and this sort of unjustified restriction is detrimental to the evolution of
> > the Internet.
> 
> Let's not exaggerate here. If you want to suggest one or two alternative choices for a mandatory-to-implement SASL mechanism for XMPP grids, I think you need to make a better argument in front of the WG.

(possibly OBE) My point here is something like "suppose I already have
Kerberos set up, or whatever the latest hotness in authentication is.  Why
do I have to set up some SCRAM infrastructure or try to shim my thing into
EXTERNAL instead of using it as native SASL?"

-Benjamin

> > The current requirements on SASL mechanisms also seem inconsistent with the
> > claims in the threat model that the controller can obtain credentials to
> > allow impersonation of platforms; RFC 5802 (SCRAM) is quite explicit that
> > "The server does not gain the ability to impersonate the client to other
> > servers", and my understanding is that usage of EXTERNAL is generally not
> > susceptible to this threat.  (A bit more discussion in the COMMENT section.)
> 
> I agree that this needs to be reviewed.
> 
> Best Regards,
> Alexey
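The thread turns on the difference between "MUST implement" (EXTERNAL and SCRAM as a common baseline) and "MUST use" (only those mechanisms may be negotiated). The following is an added example, written for this page and not code from the draft, the thread's participants or any XMPP library, that shows what that difference looks like in a client's SASL selection logic: the client checks that its own mechanism set satisfies the baseline, parses the server's `<mechanisms/>` stream feature (a constructed sample is embedded), and then picks the first mechanism from its preference list that the local policy treats as strong, so an already-deployed GSSAPI (Kerberos) setup can be used natively while PLAIN and similar mechanisms are never chosen. The `STRONG` set, the preference list and the sample server feature are assumptions of this example, not values taken from the draft.

```python
"""Policy-driven SASL mechanism selection for an XMPP client (added example).

Distinguishes the mandatory-to-implement baseline (EXTERNAL plus a SCRAM
mechanism) from the mechanism actually used on a given connection.
"""
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Assumed local policy: mechanisms this deployment accepts as "strong".
# SCRAM family (RFC 5802), EXTERNAL (TLS client certificate) and GSSAPI (Kerberos).
# PLAIN, DIGEST-MD5 and anything unknown are deliberately absent.
STRONG = {
    "SCRAM-SHA-256-PLUS", "SCRAM-SHA-256",
    "SCRAM-SHA-1-PLUS", "SCRAM-SHA-1",
    "EXTERNAL", "GSSAPI",
}

# Constructed sample of the server's post-TLS stream features (not a capture).
SAMPLE_FEATURES = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism>
    <mechanism>GSSAPI</mechanism>
  </mechanisms>
</stream:features>"""


def parse_mechanisms(features_xml: str) -> list:
    """Return the mechanism names the server advertised, in server order."""
    root = ET.fromstring(features_xml)
    return [m.text.strip() for m in root.iter(f"{{{SASL_NS}}}mechanism") if m.text]


def implements_mti_baseline(supported) -> bool:
    """Mandatory-to-implement check: EXTERNAL plus at least one SCRAM variant."""
    s = set(supported)
    return "EXTERNAL" in s and any(m.startswith("SCRAM-") for m in s)


def choose_mechanism(offered, client_prefs, channel_binding=False):
    """Pick the first client-preferred mechanism that the server offers and
    local policy accepts. '-PLUS' variants need TLS channel binding data;
    returns None (abort, no downgrade) when nothing acceptable is offered."""
    offered_set = set(offered)
    for mech in client_prefs:
        if mech not in offered_set or mech not in STRONG:
            continue
        if mech.endswith("-PLUS") and not channel_binding:
            continue
        return mech
    return None


def negotiate(features_xml, client_prefs, channel_binding=False):
    """Parse the server's features and apply the selection policy."""
    return choose_mechanism(parse_mechanisms(features_xml), client_prefs, channel_binding)


if __name__ == "__main__":
    # Client that implements the baseline but prefers its existing Kerberos setup.
    client = ["GSSAPI", "SCRAM-SHA-256-PLUS", "SCRAM-SHA-256", "SCRAM-SHA-1", "EXTERNAL"]
    print("baseline ok:", implements_mti_baseline(client))
    print("selected:", negotiate(SAMPLE_FEATURES, client))
```

The baseline check is a property of the implementation (what it ships), while `choose_mechanism` is a property of the connection (what the two ends agree on); a "MUST use EXTERNAL or SCRAM" rule would collapse the second into the first and force the GSSAPI client above down to SCRAM-SHA-1 even though the server offers GSSAPI.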