IETF Logo Mail Archive

Re: [perpass] Howdy!

"Moriarty, Kathleen" <kathleen.moriarty@emc.com> Fri, 06 September 2013 20:02 UTC

Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABBE521F9EAE for <perpass@ietfa.amsl.com>; Fri, 6 Sep 2013 13:02:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.392
X-Spam-Level:
X-Spam-Status: No, score=-2.392 tagged_above=-999 required=5 tests=[AWL=0.207, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LXtHxEqHw1DK for <perpass@ietfa.amsl.com>; Fri, 6 Sep 2013 13:02:33 -0700 (PDT)
Received: from mailuogwdur.emc.com (mailuogwdur.emc.com [128.221.224.79]) by ietfa.amsl.com (Postfix) with ESMTP id 9C41C11E80EE for <perpass@ietf.org>; Fri, 6 Sep 2013 13:02:30 -0700 (PDT)
Received: from maildlpprd53.lss.emc.com (maildlpprd53.lss.emc.com [10.106.48.157]) by mailuogwprd53.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r86K2DUZ018150 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 6 Sep 2013 16:02:15 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd53.lss.emc.com r86K2DUZ018150
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1378497735; bh=r30ZqGETAFe6/ZevE4/HxGAcE8o=; h=From:To:CC:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=wmna5MQwyh6crgztuYcLf85mrnRE2HJRjwtvooGYYnqciml1KRrdyIVeQjZVdJDCE JdP0Y3PxzU44LLfN7IvXN6SjSs5mdqLczA/27RFpsDvbGL/h4U4r9YoqJ6m4+jbW9F 6Rm+fAVw5OYVNhArn8UGInkWOWLe8TSfRMVHSMaw=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd53.lss.emc.com r86K2DUZ018150
Received: from mailusrhubprd54.lss.emc.com (mailusrhubprd54.lss.emc.com [10.106.48.19]) by maildlpprd53.lss.emc.com (RSA Interceptor); Fri, 6 Sep 2013 16:02:00 -0400
Received: from mxhub31.corp.emc.com (mxhub31.corp.emc.com [128.222.70.171]) by mailusrhubprd54.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r86K1vRa024466 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 6 Sep 2013 16:02:00 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub31.corp.emc.com ([128.222.70.171]) with mapi; Fri, 6 Sep 2013 16:01:58 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Dean Willis <dean.willis@softarmor.com>
Date: Fri, 06 Sep 2013 16:01:56 -0400
Thread-Topic: [perpass] Howdy!
Thread-Index: Ac6rOrMmHbMKw99NQbah4syTAb3YJwAAFmvA
Message-ID: <F5063677821E3B4F81ACFB7905573F24049E642232@MX15A.corp.emc.com>
References: <CAOHm=4ujOYTHO63EFWMYJBgxUWq00zezYKAJ8B4Vgf_C=xRRVg@mail.gmail.com> <5224DF25.60503@cs.tcd.ie> <7C92613E-33E8-48A6-A152-E9DBB29DEC04@softarmor.com> <522A328A.5060008@cs.tcd.ie>
In-Reply-To: <522A328A.5060008@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd54.lss.emc.com
X-EMM-GWVC: 1
X-EMM-McAfeeVC: 1
X-RSA-Classifications: DLM_1, public
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] Howdy!
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 20:02:37 -0000

Hi,

I agree, some are great suggestions.  However, I don't think the use of well-known ports matter that much.  Proxy firewalls know how to detect and decipher protocols regardless of the port the protocol is sent over.  We have been aware of those capabilities as well as the MITM capabilities of products (firewalls, load balancers, etc.) for quite some time, but just accepted them in corporate settings or limited what we do/did from those environments.

I am also thinking more about information sharing and object level security since I co-chair MILE.  In RID, RFC6545 Section 9.1, it describes how to apply object level security specific to traffic over RID.  Many of us know that you can cite sections of an RFC, but not everyone knows that.  I am wondering if it would be helpful for me to write a generic version of that section (updating it where needed) to apply to any XML schema and any form of transport.  If so, I'll get that ready for the cut off.  This could be used by SACM as well, maybe other groups too.

The draft Matt Miller is working on addresses object level security for XMPP, so you may not need what I described for XMPP...

Thanks,
Kathleen

-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf Of Stephen Farrell
Sent: Friday, September 06, 2013 3:53 PM
To: Dean Willis
Cc: perpass@ietf.org
Subject: Re: [perpass] Howdy!


Hi Dean,

My bet would be that some some but not all of those might fly.

Others opinions?

S.

On 09/06/2013 02:23 AM, Dean Willis wrote:
> 
> On Sep 2, 2013, at 1:55 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
>>
>> So, given you've been thinking about this for maybe longer than most 
>> I'm wondering if you have any specific protocol changes or additions 
>> you'd suggest, or descriptions of new threat models that could be 
>> useful to WGs developing or maintaining protocols? IMO, things like 
>> that would be most useful for now.
>>
> 
> I think there are a couple of principles that we need to adopt IETF-wide.
> 
> Part of the definition of "good Internet citizen" for a protocol or application is that not only does that protocol/application include anti-surveillance principles for itself, but that it helps OTHER protocols avoid surveillance. Surveillance-resistance is MORE IMPORTANT than optimizing transport efficiency.
> 
> So, a couple of rules, probably badly organized:
> 
> 1) Everything SHOULD be encrypted, unless there is an absolute operational requirement not to. This means "encryption by default" in new protocols, and not even specifying unencrypted operations modes unless necessary. Older protocol specs still in use should be revised to require encryption. Deprecate the non "s" versions of protocols.
> 
> 2) Well-known ports should be avoided. Or overloaded to the point where the port number is no longer a significant indicator to the application. This gives rise to the "everything over 443" mentality, which we need to find a way to handle gracefully. Demuxing the service within the channel is a better idea than I used to think.
> 
> 3) Packet sizes should be variable, preferably random. This is the opposite of the "discover the MTU and fill every packet" model of efficiency. Or, we could make all packets the same fixed size by padding small ones. I like random better, but there might well be some hardware optimizations around fixed packet sizes.
> 
> 4) Every protocol spec needs to include a pseudonymous usage model, and most should include an anonymous usage model.
> 
> 5) New protocols should be built around end-to-end crypto rather than relying on transport-level wrappers for everything. It's too easy to use a compromised CA-cert to dynamically build a TLS proxy cert. Some level of key delivery out-of-band, coupled to in-band footprint verification, is probably needed. zRTP is a good model.
> 
> 6) Randomizing interpacket timing is useful. This does all sorts of horrible things to both TCP optimization and the jitter buffers in real-time communications. But it's worth it. Remember, surveillance-resistance is MORE IMPORTANT than efficiency.
> 
> 7) Peer-to-peer, DTN, and peer-relay (TURN, for example) all have lessons we should learn. So does TOR.
> 
> 8) Every piece of crypto-advice needs serious, multiparty, international, and aggressive review. No more documents authored by NSA shills (which Schneier says we seem to have).
> 
> --
> Dean
> 
> 
> 
> 
> 
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass

v2.23.0 | Report a Bug | By Email