Re: [MSEC] Multicast Security Considerations

Robert Moskowitz <rgm-sec@htt-consult.com> Fri, 12 November 2021 16:25 UTC

To: "Holland, Jake" <jholland=40akamai.com@dmarc.ietf.org>, "msec@ietf.org" <msec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/msec/rgIV0Ix9BmK0MwF8P6It2QOpH_M>

Wow! First traffic on this list in 4 years.

IMHO, Jake, this is the place to continue from your presentation in 
secdispatch.

On 11/12/21 10:58 AM, Holland, Jake wrote:
> Hi msec,
>
> I know this WG is shut down and the list is mostly defunct, but for
> anyone still on it:
>
> I had a slot in secdispatch last Tuesday to talk about multicast
> security:
> - https://datatracker.ietf.org/doc/html/draft-krose-multicast-security
> - https://www.youtube.com/watch?v=vbbFgM761t4&t=1h37m51s
> - https://datatracker.ietf.org/meeting/112/materials/slides-112-secdispatch-multicast-security-privacy-considerations-00
>
> The dispatch decision was to go to a mailing list for further discussion,
> possibly msec, or possibly a new one.
>
> The stuff we're looking to get discussed is closely related to msec's
> prior work, but I think not fully in-scope for the old msec charter,
> mainly because (I think?) the GDOI model may not be fully applicable
> to the sort of broadcast TV scale we're aiming to support in the latest
> efforts I covered in the secdispatch presentation, as we don't anticipate
> having quite the same kind of trusted key server setup, and we aim to
> do the Authentication and Integrity constraints differently.  But with
> that said, the particulars are open for discussion.
>
> Anyway, my first question is whether anybody objects to opening
> discussion on the topic on this list?  The other main option was to
> create a new mailing list for the new multicast security discussion, and
> I think the opinions of current msec list members would be key.
>
> If we do it here, I'd be inviting all the interested parties I can find
> to join and discuss the draft and the plans.  I'd be trying to figure
> out if we can get to where a BoF seems useful, and if the problem space
> can get the kind of discussion and feedback that it needs to reach a
> consensus status on what it takes to deliver multicast safely with the
> modern internet's ideas of safety (specifically aiming to include Web
> traffic, against the advice of some of the web security luminaries).
>
> Other possibly useful background includes the one review from Ekr on the
> secdispatch list and the ensuing discussion:
> https://mailarchive.ietf.org/arch/msg/secdispatch/N1jDh7MRHupuPIf1S5BiLDecGGY/
>
> And also the discussion the next day in mboned, where some of the background
> work ahead of this has been happening:
> https://www.youtube.com/watch?v=xCl9NlRZoik&t=31m24s
> https://datatracker.ietf.org/meeting/112/materials/slides-112-mboned-multicast-to-the-browser-update-00.pdf
>
> Please send back opinions if you have them, else I'll assume it won't
> bother anybody to start using this list.
>
> Best,
> Jake