Re: [OPSAWG] Roman Danyliw's Discuss on draft-ietf-opsawg-tacacs-13: (with DISCUSS and COMMENT)

"Douglas Gash (dcmgash)" <dcmgash@cisco.com> Mon, 27 January 2020 20:23 UTC

Return-Path: <dcmgash@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1E753A0BAD; Mon, 27 Jan 2020 12:23:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=BxFwkIYg; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=vsS8J0Qm
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fj2Eqx5YhWyv; Mon, 27 Jan 2020 12:23:38 -0800 (PST)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB2CC3A0BB7; Mon, 27 Jan 2020 12:23:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12916; q=dns/txt; s=iport; t=1580156618; x=1581366218; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=D5+aPQ7VdF40Ivm+b2EAL1I94jiXgiw0w0XRgDVyY54=; b=BxFwkIYgC9pvyEXg0/KFGMQjHVh+MuNIz/2bbF9sY8fiNnsQ7i/Kc6PI BoBKQrV+XAiDFo0OkfuGM0j/xUe81Dl5td6/QMz8RCUprMKYv8i62WytF 8/fiJSoKMBdmDkGRVbm9n1Lz36mMG26V/dSZWz32tOq3DphPcVVSvdlyC 4=;
IronPort-PHdr: =?us-ascii?q?9a23=3ADJ31rR+tjqtgr/9uRHGN82YQeigqvan1NQcJ65?= =?us-ascii?q?0hzqhDabmn44+8ZB7E/fs4iljPUM2b8P9Ch+fM+4HYEW0bqdfk0jgZdYBUER?= =?us-ascii?q?oMiMEYhQslVcKODELyN/7CZC0hF8MEX1hgrDm2?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CUBQCnRS9e/5pdJa1mHAEBAQEBBwE?= =?us-ascii?q?BEQEEBAEBgXuBVCQsBWxYIAQLKoQUg0YDixOaboFCgRADUwEJAQEBDAEBJQg?= =?us-ascii?q?CAQGEQAIXgg0kOBMCAw0BAQQBAQECAQUEbYU3DIVfAgEDDgQREQwBASMUAQ8?= =?us-ascii?q?CAQYCDgwCJgICAjAVEAIEAQ0FIoMEAYJKAy4BAgwDkQyQZgKBOYglPHWBMoJ?= =?us-ascii?q?/AQEFhRYYggwDBoEOKolVgQaBQxqCAIERJyCCTD6CZAKBSwItgnkygiyNYIJ?= =?us-ascii?q?1nwcKgjmHQopQhCUbgkiICoRFi2WOYIFKhxqSKQIEAgQFAg4BAQWBaSIqgS5?= =?us-ascii?q?wFTsqAYJBUBgNk2wHBQEWFYM7hRSFPgF0gSmMYwEB?=
X-IronPort-AV: E=Sophos;i="5.70,371,1574121600"; d="scan'208";a="428185559"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Jan 2020 20:23:36 +0000
Received: from XCH-ALN-008.cisco.com (xch-aln-008.cisco.com [173.36.7.18]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 00RKNaru024479 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 27 Jan 2020 20:23:36 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-ALN-008.cisco.com (173.36.7.18) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 27 Jan 2020 14:23:35 -0600
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 27 Jan 2020 14:23:34 -0600
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 27 Jan 2020 15:23:34 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kr2MjmBzv/J3Qc4tUQ4mGou/hl6HrkR4m6OBvt3Sm39jcHSIwOPio5ZrNKdgxTqp/fqnoe1LjLx3HlLJYEnNyajRXUdfi6Z5BLQB/tke6LYZwcBK9n/C2zRs7kcprTt2u7yooK1bQzkoKSXX8yLDXVzZ5njRfa61vCnwC2wmzwH573xXgphukYGFEZBoM6rPSOxsrHEEyw4Ikp5fmJOWMemypkfjsofw9ef1W2VMT0TA8gWujVqha5gj6qU7/b1ahL8DabX2AfFI7c2Iaow9BnWApMzI8xjK2Lb9w8yhjLwswIJ1wTaBudHDdJqGJc9SmREqJ0LXyqMYEG+SBynAUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D5+aPQ7VdF40Ivm+b2EAL1I94jiXgiw0w0XRgDVyY54=; b=fpJGPkZPliugJRgnHWfaGscMgjEA2u/emFSncU0biETymgjXU099BYkCO3YJgQ7xVlXoqJ751WKU9U6+Z+HMC2s0wqQlkFrpzUD0aOIC0678ohbq26gMWNl251YCeVh1PJMToYEXHQosSKeElbnckJJ578Z05+c+0uxkAdQVg4dCharxsCjxrYnxg+IsqZb8osUdBgNmoc4QJTWNGQRGSgG8AT2yz1UQ0xnHV8aBcGcR+77134PZgy2N5kuHhqYXQa5fb75TQTErOfXq/byfMHzqwYJKXSop26MxidPLr1fa7S0hVmYqrf7CTgGptw6WAKnObrc6GANuBGpX6OnpSw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D5+aPQ7VdF40Ivm+b2EAL1I94jiXgiw0w0XRgDVyY54=; b=vsS8J0QmtSRopHcMCULjr5cFL4pps5gB/jyJ0i4eLDLxZCsSciOB1RadaYHtHnIFYP8KJSf+KTFZdgaAL+LP6UwCPUVWXRTzTa6k90nBCROikgAiG6NXZG5t1HtzgKyHunmD8RrIAH0JY0y8w9eLDMVnlPdiizWXhXLUfLREZX4=
Received: from MN2PR11MB4190.namprd11.prod.outlook.com (20.179.151.223) by MN2PR11MB3902.namprd11.prod.outlook.com (10.255.180.77) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.22; Mon, 27 Jan 2020 20:23:32 +0000
Received: from MN2PR11MB4190.namprd11.prod.outlook.com ([fe80::d03a:678e:544a:d253]) by MN2PR11MB4190.namprd11.prod.outlook.com ([fe80::d03a:678e:544a:d253%7]) with mapi id 15.20.2665.017; Mon, 27 Jan 2020 20:23:32 +0000
From: "Douglas Gash (dcmgash)" <dcmgash@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsawg-tacacs@ietf.org" <draft-ietf-opsawg-tacacs@ietf.org>, "Joe Clarke (jclarke)" <jclarke@cisco.com>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-opsawg-tacacs-13: (with DISCUSS and COMMENT)
Thread-Index: AQHV1U+j0Dcjq/LsLk+2Gr7Hyqi/Jg==
Date: Mon, 27 Jan 2020 20:23:31 +0000
Message-ID: <00CA2AF7-C9EC-49CC-8C3F-7DDED4FC838A@cisco.com>
References: <155794757064.30599.16805992272677304176.idtracker@ietfa.amsl.com>
In-Reply-To: <155794757064.30599.16805992272677304176.idtracker@ietfa.amsl.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.26.0.170902
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dcmgash@cisco.com;
x-originating-ip: [2001:420:c0c0:1008::27a]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8da621be-23d0-49cf-fa92-08d7a366c768
x-ms-traffictypediagnostic: MN2PR11MB3902:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR11MB39020E98A5C802C48A4EA156B70B0@MN2PR11MB3902.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 02951C14DC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(366004)(136003)(39860400002)(396003)(199004)(189003)(76116006)(478600001)(91956017)(66946007)(8936002)(2906002)(66476007)(33656002)(6506007)(64756008)(66556008)(66446008)(81156014)(86362001)(36756003)(5660300002)(71200400001)(81166006)(966005)(316002)(110136005)(54906003)(2616005)(186003)(8676002)(6486002)(6512007)(4326008); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3902; H:MN2PR11MB4190.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: g9HKuPkDnJ8ZME9G7vtmGHphnCsMypRkAD80osKwyX2TvoyH39P9z7Xh7/qPaYgq8XuUnlsu0Qbc+0pGRgirkfFTeS/VMPChFmhA72U5KMCB2y5Y8XpR43B1tP7NSPYe2xUq5GUA9slOuM1opqnZPRNX66iLsrH6/jnDykYuCewj1+PQ98WyiSMiMiR9mHWuyDZZF5783VUSEYkwfAOxCxOnyyRYfOePViCa8SKefQLh2PBqwyHv7P9P3jPT0zfIaEy1IIxScsCFm+Xt4q7BDub0+EeSBJpw++AwEhTHP4WFotLBuOdrHBDF74qyGVxtV0l0ziawjU6C8+3kOp1tfgKSzVHGUwzB7fLKLN+6PAhqgBBq/Hr4c3fN2jQ725BjwI9WamKKZOJy5f1Nu+xVemxO4UNKVQjzmufawmTj+MH3x8gOhk5EdpufHNKtRIzdXPaX7iPlrPzTcPIAZd8AvDA+djXbUgiBXMRLhyDKNOE=
x-ms-exchange-antispam-messagedata: 0Ra0uHdtyeGjTrPuoNQqY3Je606KsAcM5oB1Kp+V1bdP8y+JbBOM0YR2eJu3v6RyJvIfWDhOJUzvqNpwQ1XRV8ZJJ8wbg81vZMSSuY+p8V3Y6DjeKrXyyN1+of3JM+Y36PPLGPVLPiXu859TAp0B5CeK2/rb8IYOVtNXs+NtUi4=
Content-Type: text/plain; charset="utf-8"
Content-ID: <25E66DB5E3D8F4418D92788C43CA7E01@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 8da621be-23d0-49cf-fa92-08d7a366c768
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jan 2020 20:23:32.2282 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TiRx06KftAGRq3KnYTm1cy2rPm5PKeYP6+z42+pmPHrTHb3uQwIV9al1r6VcVNMvCEB45FERhYcP0XCwL+aRyA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3902
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.18, xch-aln-008.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/4n81qap59uz3ID3T5vEKZBIKRSo>
Subject: Re: [OPSAWG] Roman Danyliw's Discuss on draft-ietf-opsawg-tacacs-13: (with DISCUSS and COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 20:23:43 -0000

Hi,

I hope that in the last few versions we have updated the document to sufficiently answer the concerns raised, please let me know if any concerns remain, many thanks.

The majority of the issues were answered last summer, but the balance should be by the latest version recently uploaded.

Please see the point-by point descriptions of changes or responses.

Many thanks,



On 15/05/2019, 20:12, "Roman Danyliw via Datatracker" <noreply@ietf.org> wrote:--------------------------------------------------------------------------------------------------

    (1) I appreciate the deliberate and thoughtful attempt in this section to
    enumerate the possible risks/attacks and mitigations of the protocol as is.  In
    addition to the top-level risks in Section 10.1, I can see the value of
    maintaining symmetry between Sections 5+10.2; 6+10.3 and 7+10.4.  In the spirit
    of the middle ground this draft is trying to realize (document the as-is, but
    highlight the issues), I have the following feedback:
    
    (a) Section 10.1.  I recommend replacing the first three paragraphs of Section
    10.1 (“TACACS+ protocol does not …”, “While the protocol …”, and “Even though
    …”) with the following text synthesized from Joe Salowey’s LC review
    (https://mailarchive.ietf.org/arch/msg/secdir/rsqrNbVEKph1RdWh836Ard73pHs) and
    the current introduction:
    
    TACACS+ protocol does not include a security mechanism that would meet
    modern-day requirements.  These security mechanisms would be best referred to
    as “obfuscation” and not “encryption” since they provide no meaningful
    integrity, privacy or replay protection.  An attacker with access to the data
    stream should be assumed to be able to read and modify all TACACS+ packets.
    Without mitigation, a range of risks such as the following are possible:
    
    Accounting information may be modified by the man-in-the-middle attacker,
    making such logs unsuitable and untrustable for auditing purposes.
    
    Invalid or misleading values may be inserted by the man-in-the-middle attacker
    in various fields at known offsets to try and circumvent the authentication or
    authorization checks even inside the obfuscated body.

TA>  Many thanks, looks like a  sensible proposal [AI=TA]
After consultation, the foll;owing chnages were made:

Section 10.1., paragraph 1:
OLD:

    TACACS+ protocol does not include a security mechanism that would
    meet modern-day requirements.  Support for MD5-based crypto pad
    encryption fails to provide any kind of transport integrity, which
    presents at least the following risks:

NEW:

    TACACS+ protocol does not include a security mechanism that would
    meet modern-day requirements.  These security mechanisms would be
    best referred to as "obfuscation" and not "encryption" since they
    provide no meaningful integrity, privacy or replay protection.  An
    attacker with access to the data stream should be assumed to be able
    to read and modify all TACACS+ packets.  Without mitigation, a range
    of risks such as the following are possible:


Section 10.1., paragraph 2:
OLD:

       Accounting information may be modified by the man-in-the-middle
       attacker, making such logs unsuitable and untrustable for auditing
       purposes.
 
       Only the body of the request is obfuscated which leaves all header
       fields open to trivial modification by the man-in-the-middle
       attacker.  For this reason, deployments SHOULD NOT use connections
       with TAC_PLUS_UNENCRYPTED_FLAG, as mentioned in the Best Practices
       section (Section 10.5) .

NEW:

       Accounting information may be modified by the man-in-the-middle
       attacker, making such logs unsuitable and not trustable for
       auditing purposes.
    
    (b) I recommend finding an alternative home and strengthening the text “For
    this reason, deployments SHOULD NOT use connections with
    TAC_PLUS_UNENCRYPTED_FLAG, as mentioned in the Best Practices section (Section
    10.5)”.  It seemed odd to mix deployment guidance in a list of risks as
    currently written.  I take Andrej Ota’s point from
    https://mailarchive.ietf.org/arch/msg/secdir/UgtsSfh1RaauNoMRi87FRqtI0YI that
    there is no harm in requiring the obfuscation, such as it is.  Furthermore, why
    couldn’t this be MUST NOT use?

TA> Yes, I think we can move to MUST NOT, and we can remove this reference at this point  [AI=TA]
Specifcially: Reference removed here, and reinforced in section 10.5.
    
    (c) Section 10.5.3.  I concur with the SECDIR recommendation and the follow-up
    discussion with Andrej Ota per
    https://mailarchive.ietf.org/arch/msg/secdir/UgtsSfh1RaauNoMRi87FRqtI0YI which
    would: s/stronger authentication/less weak/

TA> Agreed, We will update [AI=TA]

Section 10.5.3., paragraph 1:
OLD:

    To help TACACS+ administraots select the stronger authentication
    options, TACACS+ servers MUST allow the administrator to configure
    the server to only accept challenge/response options for
    authentication (TAC_PLUS_AUTHEN_TYPE_CHAP or
    TAC_PLUS_AUTHEN_TYPE_MSCHAP or TAC_PLUS_AUTHEN_TYPE_MSCHAPV2 for
    authen_type).

NEW:

    To help TACACS+ administrators select less weak authentication
    options, TACACS+ servers MUST allow the administrator to configure
    the server to only accept challenge/response options for
    authentication (TAC_PLUS_AUTHEN_TYPE_CHAP or
    TAC_PLUS_AUTHEN_TYPE_MSCHAP or TAC_PLUS_AUTHEN_TYPE_MSCHAPV2 for
    authen_type).
    
    (2) Section 10.2.  I’m confused by the deprecation of
    TAC_PLUS_AUTHEN_STATUS_FOLLOW but a seemingly weaker “SHOULD NOT be used in
    modern deployments”.  I was expecting a MUST NOT.
    
TA> Agreed, We will update [AI=TA]
Section 10.2., paragraph 2:
OLD:

    This document deprecates the redirection mechanism using the
    TAC_PLUS_AUTHEN_STATUS_FOLLOW option which was included in the
    original draft.  As part of this process, the secret key for a new
    server was sent to the client.  This public exchange of secret keys
    means that once one session is broken, it may be possible to leverage
    that key to attacking connections to other servers.  This mechanism
    SHOULD NOT be used in modern deployments.  It MUST NOT be used
    outside a secured deployment.

NEW:

    This document deprecates the redirection mechanism using the
    TAC_PLUS_AUTHEN_STATUS_FOLLOW option which was included in the
    original draft.  As part of this process, the secret key for a new
    server was sent to the client.  This public exchange of secret keys
    means that once one session is broken, it may be possible to leverage
    that key to attacking connections to other servers.  This mechanism
    MUST NOT be used in modern deployments.  It MUST NOT be used outside
    a secured deployment.

    (3) Section 10.4.  Why shouldn’t accounting sessions also use secure transport
    per 10.5 (like 10.3 and 10.4) given the risks outlined in the text?  I was
    expecting to see this section open with “Accounting Session SHOULD be used via
    a secure transport (see Best Practices section (Section 10.5))".
    
TA> We’ll bring this in line [AI=TA]
Specifically:

Section 10.4., paragraph 1:
OLD:

    Accounting sessions are not directly involved in authentication or
    authorizing operations on the device.  However, man-in-the-middle
    attacker may do any of the following:

NEW:

    Accounting sessions SHOULD be used via a secure transport (see Best
    Practices section (Section 10.5).  Although Accounting sessions are
    not directly involved in authentication or authorizing operations on
    the device, man-in-the-middle attacker may do any of the following:


Section 10.4., paragraph 2:
OLD:

       Replace accounting data with new valid or garbage which prevents
       to provide distraction or hide information related to their
       authentication and/or authorization attack attempts.

NEW:

       Replace accounting data with new valid or garbage which can
       confuse auditors or hide information related to their
       authentication and/or authorization attack attempts.
    
    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------
    
    (1) Editorial Nits:
    
    ** Section 10.5.3.  Typo.  s/administraots/administrators/
    ** Global.  Various places in the document have an extra space between the end
    of a reference and the closing period.  Recommend: s/] ./]./g
    
TA> Thanks, will fix [AI=TA]

    (2) I endorse Mirja and Deborah’s point that strong text is needed in Section 1
    to state that this document is describing the current deployment of the
    protocol which has serious security issues.
    
TA> Agreed, added to the introduction: [AI=TA]

Specifically added to introduction: "This did not address all of the
    key security concerns which are considered when designing modern
    standards.  Deployment must therefore be executed with care.  These
    concerns are addressed in the security section (Section 10)."