Re: [pcp] Posted auth req slide that was edited during meeting

<yoshihiro.ohba@toshiba.co.jp> Wed, 27 March 2013 03:54 UTC

From: yoshihiro.ohba@toshiba.co.jp
To: dthaler@microsoft.com, hartmans@painless-security.com
Date: Wed, 27 Mar 2013 03:54:40 +0000
Cc: pcp@ietf.org
Subject: Re: [pcp] Posted auth req slide that was edited during meeting

-----Original Message-----
From: Dave Thaler [mailto:dthaler@microsoft.com] 
Sent: Wednesday, March 27, 2013 12:19 PM
To: ohba yoshihiro; hartmans@painless-security.com
Cc: pcp@ietf.org
Subject: RE: [pcp] Posted auth req slide that was edited during meeting

> -----Original Message-----
> From: yoshihiro.ohba@toshiba.co.jp 
> [mailto:yoshihiro.ohba@toshiba.co.jp]
> Sent: Tuesday, March 26, 2013 8:13 PM
> To: Dave Thaler; hartmans@painless-security.com
> Cc: pcp@ietf.org
> Subject: RE: [pcp] Posted auth req slide that was edited during 
> meeting
> 
> I agree to enforce in servers that clients cannot send messages using 
> expired SAs to avoid security issues.
> 
> For the same reason, we should also enforce in clients that servers 
> cannot send messages using expired SAs.

No, the same reason doesn't apply. The reason to enforce in servers is to prevent modification of server state.

Enforcing in clients wouldn't mitigate any state change attack I understand. The message from a server using an expired SA would just have the effect of (for example) being a hint to the client that it needs to refresh its state in the server, and could trigger the client to do reauth as it needs to send a MAP or PEER or whatever. So I think the effects are quite different.

Is there some attack you have in mind that doing enforcement in the client would mitigate?

[YO] Since it is only "a hint" (since the client has no state for the "expired" SA), there can be a false re-authentication trigger DoS attack. If the client has to keep the expired SA, I consider it is not actually expired, as I mentioned in the Orlando meeting. I feel that we do not have a common understanding about "expired SA" in this debate.

Yoshihiro Ohba

-Dave

> 
> Yoshihiro Ohba
> 
> -----Original Message-----
> From: Dave Thaler [mailto:dthaler@microsoft.com]
> Sent: Wednesday, March 27, 2013 10:09 AM
> To: Sam Hartman; ohba yoshihiro
> Cc: pcp@ietf.org
> Subject: RE: [pcp] Posted auth req slide that was edited during 
> meeting
> 
> 
> > -----Original Message-----
> > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf 
> > Of Sam Hartman
> > Sent: Tuesday, March 26, 2013 5:58 AM
> > To: yoshihiro.ohba@toshiba.co.jp
> > Cc: pcp@ietf.org
> > Subject: Re: [pcp] Posted auth req slide that was edited during 
> > meeting
> >
> > I'm sorry, but I think it's totally reasonable to mandate in a spec 
> > and enforce in servers that PCP clients cannot send messages using 
> > expired
> SAs.
> [...]
> 
> (With no hats on) I agree with the above.   It's totally reasonable to mandate
> such a thing, if that's what the WG decides to do.
> 
> -Dave
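
The following is an added example, not part of the thread and not code from any PCP implementation. It models the asymmetry under debate: a server that checks SA expiry before touching mapping state, and a client that can treat a message under an expired SA only as an unauthenticated hint. The class names, message shapes, HMAC-SHA256 tag and the client's minimum re-authentication interval are all assumptions made for illustration; the interval is one possible way to bound the false-trigger concern and was not proposed in the thread.

```python
import hashlib
import hmac

def mac_tag(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()

class Server:
    """Toy PCP-like server; names and message shapes are hypothetical."""
    def __init__(self):
        self.sas = {}          # sa_id -> (key, expires_at)
        self.mappings = set()  # the state that expired-SA enforcement protects

    def handle_request(self, sa_id, payload, tag, now):
        key, expires_at = self.sas.get(sa_id, (None, 0))
        if key is None or now >= expires_at:
            return "REJECT_EXPIRED_SA"  # checked first, so no state change
        if not hmac.compare_digest(tag, mac_tag(key, payload)):
            return "REJECT_BAD_MAC"
        self.mappings.add(payload)
        return "OK"

class Client:
    """Treats a message under an expired or unknown SA as an unverified hint."""
    def __init__(self, min_interval):
        self.sa = None                    # (sa_id, key, expires_at) or None
        self.min_interval = min_interval  # assumed mitigation, not from the thread
        self.last_reauth = None
        self.reauth_count = 0

    def handle_server_message(self, sa_id, payload, tag, now):
        if self.sa and self.sa[0] == sa_id and now < self.sa[2]:
            ok = hmac.compare_digest(tag, mac_tag(self.sa[1], payload))
            return "ACCEPT" if ok else "DROP_BAD_MAC"
        # No live SA: the message cannot be authenticated, so anyone can send it.
        if self.last_reauth is not None and now - self.last_reauth < self.min_interval:
            return "IGNORE_HINT"
        self.last_reauth = now
        self.reauth_count += 1
        return "REAUTH"

def demo():
    # Constructed scenario: SA 7 is shared by both sides and expires at t=100.
    key, req, late = b"constructed-demo-key", b"MAP tcp/8080", b"MAP tcp/22"
    server, client = Server(), Client(min_interval=30)
    server.sas[7] = (key, 100)
    client.sa = (7, key, 100)
    before = server.handle_request(7, req, mac_tag(key, req), now=50)
    after = server.handle_request(7, late, mac_tag(key, late), now=150)
    hints = [client.handle_server_message(7, b"hint", b"", now=t)
             for t in (150, 151, 152, 200)]
    return before, after, sorted(server.mappings), hints, client.reauth_count
```

In the constructed run, the request sent after expiry leaves the server's mappings untouched, while the four unverifiable hints cause two re-authentications rather than four because of the assumed interval.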