Re: [pcp] Posted auth req slide that was edited during meeting
Sam Hartman <hartmans@painless-security.com> Tue, 26 March 2013 02:21 UTC
Return-Path: <hartmans@painless-security.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1465321F88A3 for <pcp@ietfa.amsl.com>; Mon, 25 Mar 2013 19:21:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Axqh+GkIlWE for <pcp@ietfa.amsl.com>; Mon, 25 Mar 2013 19:21:31 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id D444121F889D for <pcp@ietf.org>; Mon, 25 Mar 2013 19:21:31 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (c-98-216-0-82.hsd1.ma.comcast.net [98.216.0.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS id 6E4342016B; Mon, 25 Mar 2013 22:20:38 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id DC40E4497; Mon, 25 Mar 2013 22:21:22 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: yoshihiro.ohba@toshiba.co.jp
References: <341064315C6D0D498193B256F238CF9747C9C9@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> <5EF8B214-6563-47C7-9D48-621D9D5E1B29@yegin.org> <tslip4r42r3.fsf@mit.edu> <674F70E5F2BE564CB06B6901FD3DD78B12CD0A01@tgxml337.toshiba.local> <tslk3p4zyze.fsf@mit.edu> <674F70E5F2BE564CB06B6901FD3DD78B12CDB0CB@tgxml337.toshiba.local> <tsl620ox0zb.fsf@mit.edu> <674F70E5F2BE564CB06B6901FD3DD78B12CDB148@tgxml337.toshiba.local> <674F70E5F2BE564CB06B6901FD3DD78B12CDEA18@tgxml337.toshiba.local>
Date: Mon, 25 Mar 2013 22:21:22 -0400
In-Reply-To: <674F70E5F2BE564CB06B6901FD3DD78B12CDEA18@tgxml337.toshiba.local> (yoshihiro ohba's message of "Thu, 21 Mar 2013 16:41:58 +0000")
Message-ID: <tslvc8e52al.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: pcp@ietf.org
Subject: Re: [pcp] Posted auth req slide that was edited during meeting
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2013 02:21:33 -0000
>>>>> <yoshihiro.ohba@toshiba.co.jp> writes: > Can we take silence as agreement about re-auth to happen before > the SA expires? Yoshihiro Ohba I'm sorry; I missed this message somehow (my fault) and noticed it because you replied to it. When we were last conversing, we agreed that the attacks we were trying to prevent were a PCP client modifying mapping state after the SA has expired. However, I don't see how those attacks are possible with either option 3 or 4. Option 3 provides protected signaling of a re-auth request. At worst, option 3 is no more secure than option 2. Option 4 provides protected signaling about potential server updates in an expired SA. However, the attacks we agreed are the ones of concern cannot happen with option 4 , because the client cannot change PCP state using an expired SA in that case. My preference list of options is 4, 3, 2, 1, your modified option 1. The reason I dislike your modified option is that it's not clear when a client or server should offer re-authentication in that case, so I believe that your proposal will lead to less interoperability than option 1. Prior to the meeting, I believe that we had ruled out option 1 and 4 and had a consensus on the list that was ambiguous between option 2 and 3. At the meeting Stuart asked to re-open option 4. My assumption is that Stuart probably also considers option 4 most preferred. --Sam
- [pcp] Posted auth req slide that was edited durin… Dave Thaler
- Re: [pcp] Posted auth req slide that was edited d… Alper Yegin
- Re: [pcp] Posted auth req slide that was edited d… Rafa Marin Lopez
- Re: [pcp] Posted auth req slide that was edited d… Sam Hartman
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… Sam Hartman
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… Sam Hartman
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… Sam Hartman
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… Sam Hartman
- Re: [pcp] Posted auth req slide that was edited d… Dan Wing
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… Dan Wing
- Re: [pcp] Posted auth req slide that was edited d… Dave Thaler
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… Dave Thaler
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba
- Re: [pcp] Posted auth req slide that was edited d… yoshihiro.ohba