Re: [Patient] [saag] [EXT] Re: Internet Draft posted as requested -

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 20 December 2017 01:46 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: patient@ietfa.amsl.com
Delivered-To: patient@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35B9D126C83; Tue, 19 Dec 2017 17:46:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TDzhW5HeYPyZ; Tue, 19 Dec 2017 17:46:55 -0800 (PST)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94ABB124D85; Tue, 19 Dec 2017 17:46:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1513734414; x=1545270414; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=3RqtFr1zo/6OszrdqAc5Fd2lv/LChW5pjwDXaHZVVkY=; b=ZiG38+jGy9eeKX98pFnNydHhxopW7yz2GPAY8V5KlAze7lNmGYjv3SFW +3zrs0zNXagRHfNkpquOedM4G159GVVkoYQ8rjB5yzEB4O+l+dJBDcCWF K15abp4ybKUpNn7yNYo8m/jWebA01z/RYsOpI9EjqOykY25iqWJtKh4fu sTx4o4nr7hiZeZ3qB+PwESMvnIkDDvaolSu93z+hwzFefNl91IfH2ZD9Z 2exRNTVPULWqvBPQehAnv7LIxm33X991CkHpj+9Qyo0xxJQMpWXS5RT+h uZ8x04rIURUYakwiayeX2BlOQ8++eHxFaqbmx3Y6fhoZhDqn4GXpkjFct w==;
X-IronPort-AV: E=Sophos;i="5.45,429,1508756400"; d="scan'208";a="204760792"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.4 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-tdc-c.UoA.auckland.ac.nz) ([10.6.3.4]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 20 Dec 2017 14:46:52 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-c.UoA.auckland.ac.nz (10.6.3.4) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 20 Dec 2017 14:46:52 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Wed, 20 Dec 2017 14:46:52 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Tero Kivinen <kivinen@iki.fi>, "Black, David" <David.Black@dell.com>
CC: "patient@ietf.org" <patient@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] [EXT] Re: [Patient] Internet Draft posted as requested -
Thread-Index: AQHTeCdAqRYgAb7440utfVulMGX/iaNJof+AgACmfICAAAfmgIABJ/t+
Date: Wed, 20 Dec 2017 01:46:51 +0000
Message-ID: <1513734394190.22316@cs.auckland.ac.nz>
References: <MWHPR16MB14881688FE400E3277CA8A9393310@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB14889BEE3EB0ED5F328D7C3993370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB14889B7535153E5844649CA393370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB14880A12D15AC58FDD5CEC8793370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB1488D43F3B53BC7BBE9D836593370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB1488853B0E4F7BB8E557288D93370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB148845FB069D03625BC399B193370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB1488848D7AC828EBB8DA90B093350@MWHPR16MB1488.namprd16.prod.outlook.com> <DM5PR16MB148477E1FAA4C210A3B013F7930A0@DM5PR16MB1484.namprd16.prod.outlook.com> <dfdb52ca-81ae-50b7-cd5f-e256b5cb047d@cs.tcd.ie> <AF4C62E0-61AB-45DB-B3E6-56AB67A1070A@telefonica.com> <d47e82af-5c6f-9be5-4226-4d6713701148@cs.tcd.ie> <MWHPR16MB14889F9F1671437D969B83D8930E0@MWHPR16MB1488.namprd16.prod.outlook.com> <23096.60715.827133.431108@fireball.acr.fi> <CE03DB3D7B45C245BCA0D243277949362FE218DC@MX307CL04.corp.emc.com>, <23097.32627.710293.414741@fireball.acr.fi>
In-Reply-To: <23097.32627.710293.414741@fireball.acr.fi>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/patient/JHC7FwOFT2Fq8-a7A6t7P7kvtqg>
Subject: Re: [Patient] [saag] [EXT] Re: Internet Draft posted as requested -
X-BeenThere: patient@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Protecting against Attacks Tunneling In Encrypted Network Tunnels <patient.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/patient>, <mailto:patient-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/patient/>
List-Post: <mailto:patient@ietf.org>
List-Help: <mailto:patient-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/patient>, <mailto:patient-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Dec 2017 01:46:57 -0000

Tero Kivinen <kivinen@iki.fi> writes:

>On the other hand, as that configuration is so common, lots of IoT devices
>have "call home" protocol, i.e., they will periodically connect to some home
>server and ask if there is anything they need to do, and this allows an attack
>vector for attacking those devices.

Implementation of the equivalent of RFC 3093 is so widespread that I don't
know why it wasn't issued as standards-track...

The near-universal use of rendezvous servers as an extension of 3093 may
actually be worse than leaving the things exposed on the Internet [0]. Instead
of having to locate and compromise thousands or millions of individual
devices, all an attacker needs to do is get the rendezvous server and they own
all of them at once.

Peter.

[0] Comment based on no evidence whatsoever.
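The single-point-of-compromise argument in the message above, as an added
example: this is editor-supplied Go, not code from Peter's mail, from the
PATIENT discussion or from any IETF draft. It models a rendezvous ("call home")
server with two devices polling it. The naive device runs whatever the relay
hands back, so whoever takes over the relay owns every such device at once;
the hardened device treats the relay as an untrusted pipe and runs a command
only if it verifies under a vendor Ed25519 key pinned at manufacture and
carries a sequence number newer than the last one accepted (so the relay
cannot replay an old signed command either). Everything here is an assumption
for illustration: the signing key living offline, the Seq||Payload signing
format, the sequence-number replay rule, the device IDs and the command
strings (constructed, not a real backdoor).

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Command is what the rendezvous server hands a device when it calls home. Seq
// is a per-command counter (defeats replay); Sig is Ed25519 over Seq||Payload.
type Command struct {
	Seq          uint64
	Payload, Sig []byte
}

// signedBytes is exactly what the vendor signs: big-endian Seq || Payload.
func signedBytes(seq uint64, payload []byte) []byte {
	buf := make([]byte, 8, 8+len(payload))
	binary.BigEndian.PutUint64(buf, seq)
	return append(buf, payload...)
}

// Issue is the vendor's signing step. In the hardened design the private key
// stays offline (or in an HSM) and is never present on the rendezvous server;
// the vendor increments seq for every command it signs. (Assumed design.)
func Issue(priv ed25519.PrivateKey, seq uint64, payload []byte) Command {
	return Command{Seq: seq, Payload: payload, Sig: ed25519.Sign(priv, signedBytes(seq, payload))}
}

// Rendezvous is the call-home server: one pending command per device, consumed
// on the next poll. Whoever controls it controls the queue for every device.
type Rendezvous map[string]Command

func (r Rendezvous) Post(devID string, c Command) { r[devID] = c }
func (r Rendezvous) Poll(devID string) Command {
	c := r[devID]
	delete(r, devID)
	return c
}

var (
	ErrBadSignature = errors.New("command signature invalid")
	ErrReplay       = errors.New("command Seq not newer than last accepted")
)

// HardenedDevice pins the vendor's public key at manufacture and treats the
// rendezvous server as an untrusted relay: a command runs only if it verifies
// under that key and its Seq is newer than the last one accepted.
type HardenedDevice struct {
	VendorPub ed25519.PublicKey
	lastSeq   uint64
	Executed  [][]byte
}

func (d *HardenedDevice) Handle(c Command) error {
	if !ed25519.Verify(d.VendorPub, signedBytes(c.Seq, c.Payload), c.Sig) {
		return ErrBadSignature // a missing Sig fails here too: Verify returns false
	}
	if c.Seq <= d.lastSeq {
		return ErrReplay
	}
	d.lastSeq = c.Seq
	d.Executed = append(d.Executed, c.Payload)
	return nil
}

// RunScenario pushes a legitimate, a forged and a replayed command through the
// relay to a naive device and a hardened one, and reports what each did.
func RunScenario() (legitRan, naiveOwned bool, forgedErr, replayErr error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		panic(err)
	}
	rv, hard := Rendezvous{}, &HardenedDevice{VendorPub: pub}
	var naiveRan [][]byte // the naive device just runs whatever the relay returns
	// 1. Normal operation: the vendor signs, the rendezvous relays, both devices run it.
	legit := Issue(priv, 1, []byte("install firmware 2.1"))
	rv.Post("dev-naive", legit)
	rv.Post("dev-hard", legit)
	naiveRan = append(naiveRan, rv.Poll("dev-naive").Payload)
	hard.Handle(rv.Poll("dev-hard"))
	legitRan = len(naiveRan) == 1 && len(hard.Executed) == 1

	// 2. Rendezvous compromised: an unsigned command (constructed string, not a
	//    real backdoor) is queued for every device at once.
	forged := Command{Seq: 1000, Payload: []byte("enable telnet; add attacker key")}
	rv.Post("dev-naive", forged)
	rv.Post("dev-hard", forged)
	naiveRan = append(naiveRan, rv.Poll("dev-naive").Payload)
	naiveOwned = len(naiveRan) == 2
	forgedErr = hard.Handle(rv.Poll("dev-hard"))

	// 3. Replay of the old signed command through the relay; only the Seq check stops it.
	rv.Post("dev-hard", legit)
	replayErr = hard.Handle(rv.Poll("dev-hard"))
	return
}

func main() { fmt.Println(RunScenario()) }
```

Running it prints "true true command signature invalid command Seq not newer
than last accepted": the naive device executed the forged command, the hardened
one rejected both the forgery and the replay. Two caveats a practitioner should
keep in mind: the signature only removes the relay's ability to forge or replay
commands, not its ability to drop them, to enumerate every device that checks
in, or to serve as a fingerprint of the fleet; and if the vendor keeps the
signing key on the same host as the rendezvous server, the hardened design
collapses back to the naive one.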