Re: [Model-t] Considerations for modern COMSEC protocol design

[Stephen Farrell <stephen.farrell@cs.tcd.ie>]

Hiya,

Thanks for the great text. That really ought land in some
I-D or RFC sometime. (I'd probably like to use that with
permission in our I-D if that'd be ok.)

While I agree with all your text, there's maybe a little
more to say on this bit...

On 17/02/2020 17:06, Eric Rescorla wrote:
> FORCING ACTIVE ATTACK
> RFC 3552; Section 3.2 notes that it is important to consider passive
> attacks. In general, it is much harder to mount an active attack, both
> in terms of the capabilities required and the chance of being
> detected. Another theme in recent IETF protocols design is to build
> systems which might have limited defense against active attackers but
> are strong against passive attackers, thus forcing the attacker to go
> active. Examples include DTLS-SRTP and the trend towards opportunistic
> security. However, ideally protocols are built with strong defenses
> against active attackers. One prominent example is QUIC, which takes
> steps to ensure that off-path connection resets are intractable in
> practice.

I'm still a fan of opportunistic security (OS) as
described in RFC7435, but in the time since that was
written, I think I've slightly modified my position on
the topic. Nowadays, I think OS is most useful when
it's a practical step on a realistic path from OS to
defense against active attackers, e.g. the evolution
from where we were in 2014 to MTA-STS (RFC8461) is
maybe a good example. I won't try wordsmith that in,
but be interested if you/others think similarly.

Cheers,
S.