IETF Logo Mail Archive

Re: [Model-t] Considerations for modern COMSEC protocol design

Jim Fenton <fenton@bluepopcorn.net> Mon, 17 February 2020 21:15 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7534512086D for <model-t@ietfa.amsl.com>; Mon, 17 Feb 2020 13:15:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JoZ3HFE4nJYl for <model-t@ietfa.amsl.com>; Mon, 17 Feb 2020 13:15:28 -0800 (PST)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4247B120052 for <model-t@iab.org>; Mon, 17 Feb 2020 13:15:28 -0800 (PST)
Received: from steel.local ([12.124.76.250]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id 01HLFP0f026792 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <model-t@iab.org>; Mon, 17 Feb 2020 13:15:27 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1581974127; bh=Z/DnseVa+oYOt8mjwOsyAWwnRbeiGDsONVNBd6itVnI=; h=Subject:To:References:From:Date:In-Reply-To; b=S4WIvPlWM/9z9RwPdxiBjueGgAVkikYdP6hq5E4FlozwLUbkYaCb02Bquu2r7Wyr6 1Wuy8KXI8WNouQHd6BQyxVJuSgvvEmV5dncubcnhZbMpxZdhV4j6Ihzoim3fX/APDv hQUQqSAmrY3Ym5x79OX4n8FdrlBcofLVVTt/nITg=
To: model-t@iab.org
References: <CABcZeBPgvsQGzyWEXK_U2x_wYthuxELCs7r+J+NLyA=knpp8pw@mail.gmail.com> <09e09f3d-9889-897d-7adb-561b2f5458af@cs.tcd.ie>
From: Jim Fenton <fenton@bluepopcorn.net>
Autocrypt: addr=fenton@bluepopcorn.net; prefer-encrypt=mutual; keydata= mQINBFJNz0MBEADME6UoNSsTvSDJOdzL4yWfH4HTTOOZZPUcM/at38j4joeBb2PdatlwCBtk 9ZjupxFK+Qh5NZC19Oa6CHo0vlqw7V1hx1MUhmSPbzKRcNFhJu0KcQdniI8qmsqoG50IELXN BPI5OEZ3chYHpoXXi2+VCkjXJyeoqRNwNdv6QPGg6O1FMbB+AcIZj3x5U18LnJnXv1i+1vBq CxbMP43VmryPf8BLufcEciXpMEHydHbrEBZb/r7SBkUhdQXjxRNcWOLeYvOVUOOrr1c+jvqm DEbTWUJVRnUro/WpZQBffFnymR0jjkdAa8eOVl/nF2oMLbaBsOMvxCRSSEcGhuqwbEappNVT 1nuBTbkJT/GGcXxc+lEx9uNj86oYC4384VZJMTd1BRI4qPXImNZCIdmpKegK743B6xxN6Qh1 Tg167pn9429JENQE/AFIVX5B/gpsg7Aq+3rmz9H6GbfovPvFV3TBTgsHCHAMC8XU+S4fhcqN PN0lbUeyb7g6wxaE+dYqC7TExx7G3prw4v66y0qS7ow/Cfw8XXOEkaFQ4XwP7nvfILT+9CcU yS8I40vlDFU9Wnt56CbGz0ZVQgHnwyPXL+S9kCcIwRLFx1M79s6T6qwX1TXadfpbi1uIw7XG TiPDT8Pk6i2y22oSSROyYD4D+wOhVkkvO0S8iZ3+LhAYUx86nwARAQABtCNKaW0gRmVudG9u IDxmZW50b25AYmx1ZXBvcGNvcm4ubmV0PokCVQQTAQIAPwIbAwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AWIQS1nUkJe2fEXbvBaacbJaiwFdCfvgUCXVD9ggUJDORhvgAKCRAbJaiwFdCf vgiSEACd3Nem63zL2C6daCFfRzOANkf30Q8AvaRVwhfdFxs+5vETCzbqctrtIAHeqncXjm9G uEJWxecAiHZXKoWUEFECMp3+Saznw0np+c722M4k9xI+mxqbcE0qgpYQgA8zbS/Lbds3f/bk /00jrQg4VMkumONlh+RZVwxAsnWp8efrJsNTn0QOPZavAkPEN59wfyWQ3O4pNY8i3zum8Wge 8NS4BBMyG0fmjWgUq0K2QrTD4AKBslM2IWCLECypP1AOfHKmmTACKFOnzJJ4KspUw3hdBnS1 fvudUC8u26Q3T6rHosRqxGmgW7sQWwAusgMSa/A6zxR6soEBSsMT5Tf+VHebuz1FWE4ogrvJ InvewfYSCYzOQamYYGArcBtAzU00pUzW2Or7SlwZPHHy2EfMd0zvT7mwSYLwwwcCsWc1O/CI xHGea7PBgO3TdR0Ex254yc+NTyxF3isBC/fodF9aNWF6x6SV3VKYJ3U2uqS9ga85dZz8Qeps MwlSEGRVhVVWGbSxy0GxV5Up0yX4vl0kI0c7Tt57JCOoRBpn/lTK/7IEtZK6/uiw98KCy+BM uF7HPsgXjd/AQjSsZIJgDyVY/y7niduqhW2izNEdhV77htVbKHRf2SfJQNudWOIcOhUTlddH kOSjet+MDso61JxrFV4j/8wFno7NwpPIhD//HvKAiLkCDQRSTc9DARAAwZaXYs3OzGlpqvSH 3HR9GjSzIeP0EmsBCjpfIdZbQBwQ3ZREiMGInNxV+xkdjLDg0ctrWzUCUe3plWe5NJkpjqm+ KMc7GKhyeWJ5MZRtVrh0VpFTqi8UwYPWumAYqE1y/U1me/zHpfG9EDwdSYqMkPF76Fy5W+vh ZP2ILKaY8qWSLyH8TPl5mFGBypfT8Q6UuzlRs2aTbsTtBX/qwH7gztMRJSjQtYo20AqCgBBH IA/0xV5qDH7CVYyKyPQ4tJLQ8/xyTysUS5fewrj8lZo/G9SaNtC3CEvrJYwyA0nvYB6+hJPM qMP/tyRXM/9XY3qO4Vxuc+m5fYbTZa5GYAZNNuB5dvqI1U0sFTWBEbpAeabqCQ40ZnFSj+t1 tBuwfj4ey/oJ78WRyg5+VTvPKRRubOmZcnzj5yfTS3VGxAZb4Nsj1S2f3KLP0Z+Cv4dt893I 2JWTChw7jA1omF0QTQaBq140n084PFndBHudrZ3cz+APC89iie2HQ4jGQldXZXnGySHnHlA+ WUyZ9wgOplW9F4Q/Lps1bnuh5VttPVpNfjX8hiV48al+b+ut4nfzXAripIRWF3TL72/6JqgE KNhRKyRn0S6BidieSyHWzqJR3Roi/YNTvyXyLh6i6jtByb3FbnhYf/9olobDpj0E+kTemLrw owre85gwupSphqlzVSUAEQEAAYkCPAQYAQIAJgIbDBYhBLWdSQl7Z8Rdu8FppxslqLAV0J++ BQJdUP9SBQkM5GOPAAoJEBslqLAV0J++vZoP/1shJ+5iImGzvGUTTDJcAX6Wha+22QP0G51Z QGZbeB0gE+gDmRwd2yw0cO3y1sPoTJliUSuZ3DFIjv8CLBgDlrkUnijBWbi5YznsAZkH0vKG ESGzinJC6y/Nzf2TZokKiOaYrTYcZx8x2wxjNO+zsihm/rvhV/YnHEYd9dlV/MjAL3xtHU/9 fNcTDtF3RchADyVCxlqrRUkFj61dHxU+U5JRftyIliLltsy2Nlr4uAsxNX+tpAH2D2HLmjwx bV2fpTnFCVImtuo6ZqNZ8SMk1Xq0fBBdo3acBw42kL/qGIKS9x3NWEy8vsmQXn0QqNBd1Q62 9ghm82mHMTRKnOXqkMgICpZ0HffPf3p7zMkEqWptgEHxE6ZHm9hJMGEf8RED9DCYh+N1uFaM 7ndQPPFKlj80sGmNF9+01mO53hrxeL/WAdGox/STpTb2BDpiyrLdT/2R0vJNEfMxBBYlw1gc g8mPEwHwZ940/qql7e41TkDGUZa2a1WegKLj8hK1pgDDBptcdIvlvuk284jOZ2/jDyaBDsMf 310OoJchJ3977odtSCArybQIwMjTx0rv6dqjsuqP89jqlrGV6izqf1n4p4FNrBSWOSRGaoWD JJVHL4YUhP44G5xDBCtp3TqatLa5F2Rgxj50EFIzOuu9Pg1tBCPP1G+0EiikVTdDkC63X4RG
Message-ID: <5950ef9f-060c-6836-9510-2d33fdca733b@bluepopcorn.net>
Date: Mon, 17 Feb 2020 13:15:20 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <09e09f3d-9889-897d-7adb-561b2f5458af@cs.tcd.ie>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="gAhwdMfKH1PfamJOkqvsQs9RPRXggz30g"
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/hOLq4cjq8oT4OMwHDz-anpf9clc>
Subject: Re: [Model-t] Considerations for modern COMSEC protocol design
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2020 21:15:31 -0000

On 2/17/20 12:47 PM, Stephen Farrell wrote:
> Hiya,
>
> Thanks for the great text. That really ought land in some
> I-D or RFC sometime. (I'd probably like to use that with
> permission in our I-D if that'd be ok.)
>
> While I agree with all your text, there's maybe a little
> more to say on this bit...
>
> On 17/02/2020 17:06, Eric Rescorla wrote:
>> FORCING ACTIVE ATTACK
>> RFC 3552; Section 3.2 notes that it is important to consider passive
>> attacks. In general, it is much harder to mount an active attack, both
>> in terms of the capabilities required and the chance of being
>> detected. Another theme in recent IETF protocols design is to build
>> systems which might have limited defense against active attackers but
>> are strong against passive attackers, thus forcing the attacker to go
>> active. Examples include DTLS-SRTP and the trend towards opportunistic
>> security. However, ideally protocols are built with strong defenses
>> against active attackers. One prominent example is QUIC, which takes
>> steps to ensure that off-path connection resets are intractable in
>> practice.
> I'm still a fan of opportunistic security (OS) as
> described in RFC7435, but in the time since that was
> written, I think I've slightly modified my position on
> the topic. Nowadays, I think OS is most useful when
> it's a practical step on a realistic path from OS to
> defense against active attackers, e.g. the evolution
> from where we were in 2014 to MTA-STS (RFC8461) is
> maybe a good example. I won't try wordsmith that in,
> but be interested if you/others think similarly.


I'm somewhat less of a fan of opportunistic security; before deciding
that the capabilities required for an active attack are harder to mount,
you need to consider the threat model. Consider that there are several
countries that have been launching downgrade attacks against SMTP
STARTTLS on a substantial fraction of their outgoing traffic [1]. And
that doesn't even consider more targeted attacks against specific clients.

[1] Durumeric, Zakir, David Adrian, Ariana Mirian, James Kasten, Elie
Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael
Bailey, and J. Alex Halderman. 2015. “Neither Snow Nor Rain Nor MITM...:
An Empirical Analysis of Email Delivery Security.” In /Proceedings of
the 2015 Internet Measurement Conference/, 27–39. IMC ’15. Tokyo, Japan:
Association for Computing Machinery.
https://doi.org/10.1145/2815675.2815695.

v2.23.0 | Report a Bug | By Email