Re: [pkix] RFC 5742 review of draft-hotz-kx509 and about RFC 4211

["Henry B. Hotz" <hotz@jpl.nasa.gov>]

On Jun 1, 2012, at 12:24 AM, <denis.pinkas@bull.net> wrote:

> First of all, thank you for both of you for your fast response. 

No prob.

> I am not arguing there is an RFC 5742 conflict with this document. 

OK.  Thanks.

> Since you said that is an attempt to document an existing deployed protocol, we cannot change it. 
> 
> Since you said that designing a better protocol is an expected follow-on work, I raise the question to both the editors and the WG chairs whether the document should be on the experimental track rather than on the informational track. 

The question has come up before, at least generically.  (With Steve Kent IIRC.)  I don't think it should be standards track because we want to fix it.  I don't think it's actually experimental because it's somewhat widely deployed.  I don't think it's historic because it's currently in use and we don't have a replacement designed yet.  I do think it's informational because, well, the document is providing useful information about a real internet protocol.

> Clearly, I believe that only changes to the security consideration sections should be made, keeping in mind that confidentiality an integrity protection can be done at lower layers. This is what the security considerations section should recommend. 

As I said in other email, adding confidentiality will probably be done in a future, incompatible version.  Integrity protection is already provided (though without algorithm agility which will also be added in a future, incompatible version).  The existing deployments are over bare UDP.

> Finally, I believe an errata on RFC 4211 should be prepared, but this is a separate concern with Jim. 
> 
> Denis 
> 
> 
> 
> De :        Russ Allbery <rra@stanford.edu> 
> A :        denis.pinkas@bull.net 
> Cc :        hotz@jpl.nasa.gov, Jim Schaad <ietf@augustcellars.com>, pkix <pkix@ietf.org> 
> Date :        01/06/2012 07:20 
> Objet :        Re: [pkix] RFC 5742 review of draft-hotz-kx509 and about RFC 4211 
> 
> 
> 
> denis.pinkas@bull.net writes:
> 
> > I skimmed through the document and read the following two sentences:
> 
> >    The public key in the request is sent in the clear, and without any
> >    guarantees that the requestor actually possesses the corresponding
> >    private key.
> 
> >    [RFC4211], Appendix C contains a more detailed discussion of why 
> >    proof-of-possession is important.
> 
> > I have concerns with both sentences.
> 
> > [RFC4211] is incorrect and this has security implications on the
> > proposed protocol.
> 
> Hi Denis,
> 
> As Henry has mentioned, we have the limitation with this particular
> document that we're attempting to document an existing, deployed protocol
> sufficiently that interoperable implementations can be created.  This
> protocol is deficient in multiple ways, and designing a better protocol is
> expected follow-on work.  Changing something fundamental, such as
> requiring confidentiality in this protocol exchange, would defeat the
> point of the current work.
> 
> Therefore, I think that any remedy here should be limited to clearly
> documenting the issue in the Security Considerations section rather than
> changing the protocol.
> 
> If I'm understanding your message properly, you're saying that there is a
> partial defense against the lack of proof-of-possession by adding
> confidentiality protection to the exchange.  I'm not sure in this context
> whether this really changes the security analysis of this protocol, given
> that no confidentiality is used.  But if I'm missing something, could you
> suggest something that we could add to Security Considerations?
> 
> -- 
> Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
> 

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu