Re: [RTG-DIR] [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments

"Grossman, Ethan A." <eagros@dolby.com> Fri, 14 August 2020 16:36 UTC


Hi Adrian, Deborah, WG, 
Today (as editor of the Security draft) I am attempting to address Adrian's review comments. Reading through them, several of them are basically out of my depth, and I'm not sure how I would fill in the requested details, for example questions along the line of "you can't just say 'the appropriate [measures]', you have to tell them what to do".

Is there any chance anyone on this thread who has more domain knowledge than I do could spend a little time with me to give me some concrete clues as to what could be said to address some of these items? I can do the wordsmithing, and even some background reading, but it would be extremely helpful to get a well-informed shove in the right direction. 

My strategy today is to first address the nits and other straightforward items, and then as I attempt the others I will send out emails to the WG proposing as much text as I can conjure up, and it would be great if I got any responses. But if anyone has time for an impromptu webconf session to review the items en masse that would be appreciated; I can set that up on the spot. 

Thanks,
Your faithful servant,
Ethan.

-----Original Message-----
From: BRUNGARD, DEBORAH A <db3546@att.com> 
Sent: Thursday, August 13, 2020 4:21 PM
To: adrian@olddog.co.uk; 'Stewart Bryant' <stewart.bryant@gmail.com>
Cc: rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; detnet@ietf.org
Subject: RE: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments

Hi,

Much thanks Adrian for your review!

Without getting into the debate on the term itself, I don't think MITM is concise enough. In RFC3552, MITM is just one of multiple active attack possibilities. Same for Injector; it is also an active attack. It's not simply MITM vs. injector. Stewart is correct - on-path can be an observer (passive). I think we need to define per RFC3552, not the Network Time Protocol threat model. It would be better to align with the security terms and use on-path/off-path vs. internal/external. I think this is part of the confusion, as the definition of internal in the document is mixing with the definition of MITM in RFC3552.

The checked items in Figure 1 are not MITM (they could be done by a MITM); they are basically message modification (RFC3552). So I'm actually not sure of the value of this breakdown of MITM vs. Injector. These terms are only used in 5.1 and Figure 1; they are not used in the rest of the document. I suggest it would be more accurate to simply say "active" (the document already has the term in 5.1) and remove these terms/breakdown in Figure 1. Same for internal/external; they are not used in the rest of the document.

Section 5.1 has the terms "active" and "passive" but doesn't define them. Need to define.

The document is very comprehensive - congrats to the authors and the working group! With the couple of fixes to sort out the definitions in Section 5, it will be ready for the super scrutiny during Last Call/Sec ADs😊

Thanks,
Deborah
(recovering after a week without power)

-----Original Message-----
From: Adrian Farrel <adrian@olddog.co.uk> 
Sent: Friday, August 7, 2020 1:10 PM
To: 'Stewart Bryant' <stewart.bryant@gmail.com> 
Cc: rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; detnet@ietf.org
Subject: RE: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10

I can't decide whether to get into this or not 😊

My review said, "It would be nice to avoid," not, "You must avoid."
The review is principally for the AD, and they will tell you whether you need to action this.
I made a constructive suggestion of an alternative phrase, but you are allowed to choose others.

The thing about the term "man-in-the-middle" is not that it is directly making a specific man appear evil, it is that it associates the word "man" with the concept "evil" and therefore subtly changes the long-term perception of "man". There is, in fact, nothing about this type of attack that is specific to a man, and not all attackers are men, nor are all men attackers.

This is a minor issue for me, and (to some extent) I wanted to experiment with draft-knodel-terminology to see what reaction it would get if the changes it suggests were made as a request rather than as an order.

Cheers,
Adrian

-----Original Message-----
From: Stewart Bryant <stewart.bryant@gmail.com> 
Sent: 06 August 2020 13:52
To: Adrian Farrel <adrian@olddog.co.uk>
Cc: rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; detnet@ietf.org
Subject: Re: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10


> ---
> 
> It would be nice to avoid the term "man-in-the-middle" (and corresponding
> "MITM") in favour of the term "on-path attacker". It is less problematic
> as a term, and no less accurate.
> 
> Although "man-in-the-middle" is well established, I think you could
> easily avoid it and if you feel necessary you could use "An on-path
> attacker (formerly known as a man-in-the-middle) ..."

I sort of understand why you want to change MITM, although, given that the man you have in mind is evil, I am not sure whether it is that objectionable in this context. However, I am not sure on-path is the right term. MITM normally implies an entity that can modify traffic in flight, whereas an on-path attacker may simply be an observer.

Maybe AITM (attacker ....) would be a better gender neutral term.

Stewart