Re: [Pppext] Future of the PPP WG

Vernon Schryver <vjs@rhyolite.com> Sat, 10 September 2011 03:35 UTC

Return-Path: <vjs@rhyolite.com>
X-Original-To: pppext@ietfa.amsl.com
Delivered-To: pppext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C9D621F85B1 for <pppext@ietfa.amsl.com>; Fri, 9 Sep 2011 20:35:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m8TlVK2s6lKt for <pppext@ietfa.amsl.com>; Fri, 9 Sep 2011 20:35:36 -0700 (PDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [IPv6:2001:4978:230::3]) by ietfa.amsl.com (Postfix) with ESMTP id D8B9C21F85AE for <pppext@ietf.org>; Fri, 9 Sep 2011 20:35:35 -0700 (PDT)
Received: from calcite.rhyolite.com (localhost [127.0.0.1]) by calcite.rhyolite.com (8.14.4/8.14.4) with ESMTP id p8A3bLT2074938 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <pppext@ietf.org> env-from <vjs@rhyolite.com>; Sat, 10 Sep 2011 03:37:21 GMT
Received: (from vjs@localhost) by calcite.rhyolite.com (8.14.4/8.14.4/Submit) id p8A3bINo074937 for pppext@ietf.org; Sat, 10 Sep 2011 03:37:18 GMT
Date: Sat, 10 Sep 2011 03:37:18 GMT
From: Vernon Schryver <vjs@rhyolite.com>
Message-Id: <201109100337.p8A3bINo074937@calcite.rhyolite.com>
To: pppext@ietf.org
In-Reply-To: <201109100127.p8A1QxVI003799@cichlid.raleigh.ibm.com>
X-DCC-Rhyolite-Metrics: calcite.rhyolite.com; whitelist
Subject: Re: [Pppext] Future of the PPP WG
X-BeenThere: pppext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PPP Extensions <pppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pppext>, <mailto:pppext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pppext>
List-Post: <mailto:pppext@ietf.org>
List-Help: <mailto:pppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pppext>, <mailto:pppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Sep 2011 03:35:36 -0000

> From: Thomas Narten <narten@us.ibm.com>

>            (By that, are there still folk doing PPP implementations
> that would read such documents?)
>
> This WG's current charter seems to be very realistic and pragmatic
> given the state of both PPP and the WG. We should not be updating the
> charter to add items that will in practice never get done, no matter
> how much we might like to see such work getting done (in an ideal
> world).

A more accurate way to say that is that this WG should not be turned
into a vanity press for old folks trying to prove we're not irrelevant.

If there is real and substantial work to be done, then it should be
proposed before changing the charter in sufficient detail to convince
honest and well informed third parties that and how the charter should
be changed.

Observations that the security of PPP protocols might be improved
would be valid but entirely insufficient.  Significant needs and
potential fixes must be proposed before starting yet another
multi-year PPP project that would not finish before IPv4 address
exhaustion finally makes IPv6 real.

 ...

Personally I think PPP insecurity was never a very pressing problem,
because link layer security never mattered as much as security at
higher layers.

Besides, other link layer protocols such as 802.11 that are more
popular (measured by nodes using them) and less secure (as commonly
deployed) make the insecurity of PPP links moot.  What bad guy would
bother attacking a PPP/DSL link when a radio can get bits on and
off the same PPP link easier and with fewer traces?

Link layer encryption, authentication, and authorization don't
matter a lot if you have end-to-end confidentiality, authentication,
authorization, non-repudiation, etc.  On the other hand, if you
haven't secured things end-to-end, then link layer security is 
snake oil.

If you've the least connection to today's operational security
community, you know that the worst that could happen with a link layer
attack is trivial compared what happens now in higher layers.  Even
if this WG could fix PPP security this decade, wouldn't the effort
of the rest of the IETF in reviewing, advancing, and shuffling our
documents be better spent in the higher layers?  Recall BPG security,
what DigiNotar and Comodo prove about PKI (that we all knew many years
ago), old style insecure DNS, DNSSEC vulnerabilities analogous to the
PKI problems, the RIR issues, and so forth and so on and on.


It would be nice to fix nasty messes such as PPPoE, but that ship
has also sailed.


Vernon Schryver    vjs@rhyolite.com