Re: [quicwg/base-drafts] Threat model discussion does not cover handshake MITM (#3512)

Eric Kinnear <notifications@github.com> Mon, 20 April 2020 06:14 UTC


I can always provide comments, no guarantees on how much they'll help triage 😃 

IIRC, this is an issue filed from a comment on the threat model PR that was several-months merged to potentially increase the scope of what that covered.

I think that the original threat model that @ekr and I put together, covering the handshake and migration respectively, is intended to be the start of that section -- as additional items are discovered that could use coverage there to help clarify QUIC's stance on whatever issue, they should totally be added. I agree with @martinthomson that adding such items seems editorial, as they aren't introducing any new requirements and are only capturing current realities as specified elsewhere.

(Of course, as that text is written, it seems logical that putting it all in words next to each other may highlight issues, and if the WG decides that we don't like how the current spec results in a particular security stance, we can open a design issue to change normative text elsewhere.)

So, I'd probably consider this editorial, and ask @mikkelfj to potentially contribute some text or clarify what he's looking to have covered by the original comment -- once that's clear, happy to help get a PR up if needed (or @martinthomson's text is always good too!).
