Re: [RTG-DIR] [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments

"BRUNGARD, DEBORAH A" <db3546@att.com> Thu, 13 August 2020 23:20 UTC

From: "BRUNGARD, DEBORAH A" <db3546@att.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, 'Stewart Bryant' <stewart.bryant@gmail.com>
CC: "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "draft-ietf-detnet-security.all@ietf.org" <draft-ietf-detnet-security.all@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>
Thread-Topic: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments
Date: Thu, 13 Aug 2020 23:20:37 +0000
Message-ID: <aa5807fe6bba486f92f6afbcd3efb2d2@att.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/4p777G_b5lBwuN34rSXiqiHWPkQ>
Subject: Re: [RTG-DIR] [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments

Hi,

Much thanks Adrian for your review!

Without getting into the debate on the term itself, I don't think MITM is concise enough. In RFC3552, MITM is just one of multiple active attack possibilities. Same for Injector, it also is an active attack. It's not simply MITM vs. injector. Stewart is correct - on-path can be an observer (passive). I think we need to define per RFC3552, not the Network Time Protocol threat model. It would be better to align with the security terms and use on-path/off-path vs. internal/external. I think this is part of the confusion as the definition of internal in the document is mixing with the definition of MITM in RFC3552.

The checked items in Figure 1 are not MITM (they could be done by a MITM), they are basically message modification (RFC3552). So I'm actually not sure of the value of this breakdown of MITM vs. Injector. These terms are only used in 5.1 and Figure 1, they are not used in the rest of the document. Suggest it would be more accurate to simply say "active" (document already has the term in 5.1) and remove these terms/breakdown in Figure 1. Same for internal/external, they are not used in the rest of the document.

Section 5.1 has the terms "active" and "passive" but doesn't define them. Need to define.

The document is very comprehensive - congrats to the authors and the working group! With the couple of fixes to sort out the definitions in Section 5, it will be ready for the super scrutiny during Last Call/Sec ADs 😊

Thanks,
Deborah
(recovering after a week without power)

-----Original Message-----
From: Adrian Farrel <adrian@olddog.co.uk> 
Sent: Friday, August 7, 2020 1:10 PM
To: 'Stewart Bryant' <stewart.bryant@gmail.com> 
Cc: rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; detnet@ietf.org
Subject: RE: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10

I can't decide whether to get into this or not 😊

My review said, "It would be nice to avoid," not, "You must avoid."
The review is principally for the AD, and they will tell you whether you need to action this.
I made a constructive suggestion of an alternative phrase, but you are allowed to choose others.

The thing about the term "man-in-the-middle" is not that it is directly making a specific man appear evil, it is that it associates the word "man" with the concept "evil" and therefore subtly changes the long-term perception of "man". There is, in fact, nothing about this type of attack that is specific to a man, and not all attackers are men, nor are all men attackers.

This is a minor issue for me, and (to some extent) I wanted to experiment with draft-knodel-terminology to see what reaction it would get if the changes it suggests were made as a request rather than as an order.

Cheers,
Adrian

-----Original Message-----
From: Stewart Bryant <stewart.bryant@gmail.com> 
Sent: 06 August 2020 13:52
To: Adrian Farrel <adrian@olddog.co.uk>
Cc: rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; detnet@ietf.org
Subject: Re: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10


> ---
> 
> It would be nice to avoid the term "man-in-the-middle" (and corresponding
> "MITM") in favour of the term "on-path attacker". It is less problematic
> as a term, and no less accurate.
> 
> Although "man-in-the-middle" is well established, I think you could
> easily avoid it and if you feel necessary you could use "An on-path
> attacker (formerly known as a man-in-the-middle) ..."

I sort of understand why you want to change MITM, although, given that the man you have in mind is evil, I am not sure whether it is that objectionable in this context. However I am not sure on-path is the right term. MITM normally implies an entity that can modify traffic in flight, whereas an on-path attacker may simply be an observer.

Maybe AITM (attacker ....) would be a better gender neutral term.

Stewart
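To make the distinction the thread is circling concrete (an on-path attacker may only observe; modification, replay and off-path injection are all active attacks in RFC 3552 terms; a MAC gives integrity but not confidentiality), here is an added toy model in Python. It is not part of the thread, the DetNet draft or RFC 3552; the shared key, the messages and the three attacker behaviours are constructed for illustration only.

```python
"""Toy model of the RFC 3552 attacker classes discussed in the thread.

Constructed example: a sender emits sequenced, HMAC-protected records and a
receiver verifies the tag and rejects replays. Three attacker classes are
modelled as functions over the in-flight records:
  - passive on-path: reads everything, changes nothing
  - active on-path (what the draft calls MITM): may modify, replay, drop
  - off-path injector: cannot see the flow, can only inject its own records
Key, payloads and attacker behaviours are made up for the demonstration.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: pre-shared key the attacker does not hold.
KEY = b"shared-key-for-demo-only"


@dataclass
class Record:
    seq: int
    payload: bytes
    tag: bytes


def _mac(seq, payload, key):
    # The tag binds sequence number and payload, so neither can be changed alone.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def send(seq, payload, key=KEY):
    return Record(seq, payload, _mac(seq, payload, key))


class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.highest_seq = -1
        self.accepted = []   # payloads that passed all checks
        self.rejected = []   # (reason, seq) for records that failed
        self.gaps = 0        # sequence jumps: lost or dropped records

    def receive(self, rec):
        # Integrity / origin check first: a forged or altered record never gets further.
        if not hmac.compare_digest(rec.tag, _mac(rec.seq, rec.payload, self.key)):
            self.rejected.append(("bad_mac", rec.seq))
            return False
        # Replay check: a valid record seen twice is rejected the second time.
        if rec.seq <= self.highest_seq:
            self.rejected.append(("replay", rec.seq))
            return False
        # A jump in sequence is only observable as a gap; the receiver cannot
        # tell a deliberate drop from ordinary loss.
        if rec.seq > self.highest_seq + 1:
            self.gaps += 1
        self.highest_seq = rec.seq
        self.accepted.append(rec.payload)
        return True


# Each attacker returns (records delivered to the receiver, plaintexts it observed).

def passive_on_path(flow):
    """Observer: sees every plaintext, forwards the flow untouched."""
    return list(flow), [r.payload for r in flow]


def active_on_path(flow):
    """Modifier: sees everything; alters seq 1, replays seq 2, drops seq 3."""
    out = []
    for r in flow:
        if r.seq == 1:
            out.append(Record(r.seq, b"TAMPERED", r.tag))  # no key, so old tag reused
        elif r.seq == 2:
            out.append(r)
            out.append(r)  # replay
        elif r.seq == 3:
            continue       # drop
        else:
            out.append(r)
    return out, [r.payload for r in flow]


def off_path_injector(flow):
    """Injector: never sees the flow; appends a record forged with a wrong key."""
    forged = send(99, b"INJECTED", key=b"wrong-key")
    return list(flow) + [forged], []


def run(attacker):
    """Send five records through the given attacker and report what the receiver saw."""
    flow = [send(i, f"msg{i}".encode()) for i in range(5)]
    delivered, observed = attacker(flow)
    rx = Receiver()
    for rec in delivered:
        rx.receive(rec)
    return {"accepted": rx.accepted, "rejected": rx.rejected,
            "gaps": rx.gaps, "observed": observed}


if __name__ == "__main__":
    for name, attacker in [("passive on-path", passive_on_path),
                           ("active on-path", active_on_path),
                           ("off-path injector", off_path_injector)]:
        print(name, run(attacker))
```

The passive observer defeats nothing the receiver checks for, which is the point Stewart makes: on-path says where the attacker sits, not what it can do. Modification and off-path injection both fail the MAC check, and the replay fails the sequence check, so all three are active attacks that the same integrity mechanism addresses. The dropped record is visible only as a sequence gap that the receiver cannot distinguish from ordinary loss, and the MAC does nothing about the observer reading plaintext; integrity and origin authentication are separate properties from confidentiality and availability.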