RE: Request for Authenticated but not Encrypted Traffic

"Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org> Fri, 30 September 2022 10:32 UTC

From: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
To: Eliot Lear <lear@lear.ch>
CC: Phillip Hallam-Baker <phill@hallambaker.com>, "quic@ietf.org" <quic@ietf.org>
Subject: RE: Request for Authenticated but not Encrypted Traffic
Date: Fri, 30 Sep 2022 10:32:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/hORMU5guMoeijqXvZAYh6H_Bu5w>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

Scenario 1) A device with a trusted certificate is compromised and starts probing other devices in the network in ways that make no sense given its role.

Scenario 2) A connection from a device is established using a valid certificate that was not assigned to that device.

Scenario 3) A device is misconfigured and attempts a valid write to a PLC at a time when the configuration of the PLC should not be changing.

Basically when a factory is operational the flows of valid data have known statistical distributions and it is useful to watch for and flag activity that is not expected. This is particularly important since hacks often come from otherwise legitimate devices that have been compromised (i.e. attacks do not come from the internet directly).

One of the features of OT devices which is not that common now but will be common in the future is h/w-based key storage. This means it is physically impossible to provide copies of the private keys to any third party. This would prevent any mechanism that depends on having access to all parties' private keys from working. In this scenario, the only viable option is to disable encryption.
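As an added illustration of what a monitoring tool could do with the metadata that authenticated-but-unencrypted traffic exposes (example code, not part of the thread or any OPC Foundation software), the check below flags the three scenarios above over constructed flow records; the device inventory, role policy and maintenance window are assumptions.

```python
# Added example (not from the thread): a minimal anomaly check over constructed OT
# flow records, covering the post's three scenarios. The inventory, role policy,
# maintenance window and records below are all constructed assumptions.
from dataclasses import dataclass
from datetime import datetime, time

INVENTORY = {  # device -> (role, certificate thumbprint assigned to it)
    "hmi-01": ("hmi", "cert-aaa"), "sensor-07": ("sensor", "cert-bbb"),
    "eng-ws-02": ("engineering", "cert-ccc")}
ALLOWED_PEERS = {  # peer roles each role is expected to contact
    "hmi": {"plc"}, "sensor": {"historian"}, "engineering": {"plc", "historian"}}
ROLE_OF_PEER = {"plc-01": "plc", "plc-02": "plc", "historian-01": "historian"}
MAINT_WINDOW = (time(22, 0), time(23, 59))  # only time PLC config writes are expected

@dataclass
class Record:
    src: str    # authenticated device identity (from its certificate)
    cert: str   # thumbprint of the certificate it presented
    dst: str
    op: str     # "read", "write" or "probe"; visible because the payload is in clear
    ts: datetime

def check(rec: Record) -> list:
    """Return anomaly labels for one authenticated-but-unencrypted flow record."""
    findings = []
    role, assigned = INVENTORY.get(rec.src, ("unknown", None))
    peer_role = ROLE_OF_PEER.get(rec.dst)
    # Scenario 2: a valid certificate presented by a device it was not assigned to
    if rec.cert != assigned:
        findings.append("cert-not-assigned-to-device")
    # Scenario 1: contacting a peer role that makes no sense for this device's role
    if peer_role not in ALLOWED_PEERS.get(role, set()):
        findings.append("peer-outside-role")
    # Scenario 3: a valid PLC write at a time when its configuration should be static
    in_window = MAINT_WINDOW[0] <= rec.ts.time() <= MAINT_WINDOW[1]
    if rec.op == "write" and peer_role == "plc" and not in_window:
        findings.append("plc-write-outside-window")
    return findings

def scan(records: list) -> dict:
    """Map 'src->dst' of each anomalous record to its findings (benign ones dropped)."""
    return {f"{r.src}->{r.dst}": f for r in records if (f := check(r))}

SAMPLE = [  # constructed records: one benign flow, then one per scenario
    Record("hmi-01", "cert-aaa", "plc-01", "read", datetime(2022, 9, 30, 10, 0)),
    Record("sensor-07", "cert-bbb", "plc-02", "probe", datetime(2022, 9, 30, 10, 1)),
    Record("hmi-01", "cert-ccc", "plc-01", "read", datetime(2022, 9, 30, 10, 2)),
    Record("eng-ws-02", "cert-ccc", "plc-01", "write", datetime(2022, 9, 30, 10, 3)),
]
```

Nothing here requires anyone's private key: the device identity, peer, operation and timing are all readable from the authenticated wire data, which is the observability the post argues for.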

From: Eliot Lear <lear@lear.ch>
Sent: Friday, September 30, 2022 6:49 PM
To: Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>; quic@ietf.org
Subject: Re: Request for Authenticated but not Encrypted Traffic

Ok. So a bit more detail, please.  For example, people are suggesting that clients report keys to authorized parties. This is a no-code solution from a standards perspective. But does it meet your members’ needs in terms of monitoring, auditing, etc?  If not why not?  For instance, what happens if one end is hacked?  Could it report incorrect keys that would be spotted in a timely fashion?

Eliot


On 30 Sep 2022, at 11:37, Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org> wrote:

The requirement is that factory owners need to use tools to monitor network traffic to detect anomalies.

From: Eliot Lear <lear@lear.ch>
Sent: Friday, September 30, 2022 5:44 PM
To: Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org>; Phillip Hallam-Baker <phill@hallambaker.com>
Cc: quic@ietf.org
Subject: Re: Request for Authenticated but not Encrypted Traffic


Randy,

I'm not discussing backdoors, but requirements.  State your requirements.

Eliot
On 30.09.22 10:38, Randy Armstrong (OPC) wrote:

1. I think the key point here is that sometimes observability is a feature and not a bug. This is particularly important in industrial/critical infrastructure. That observability can be achieved in many ways. One question is whether the observability should itself be authorized.

Putting backdoors into protocols is not equivalent to letting applications decide to skip encryption.

A backdoor is like giving law enforcement codes to break into a cellphone and hoping that they will never abuse the power or the codes will never fall into the hands of criminals. Letting applications decide is equivalent to an owner of a cellphone choosing not to lock their screen because they decide there is nothing that needs protecting.

IOW, the fact that some users might be willing to live with the risk of a compromised system by allowing for backdoors is not a reason to refuse to allow other users to make a decision to send data in clear text when and only when they decide it is safe.