Re: [saag] should we revise rfc 3365?
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 29 May 2012 15:50 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B11D21F86DD for <saag@ietfa.amsl.com>; Tue, 29 May 2012 08:50:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.93
X-Spam-Level:
X-Spam-Status: No, score=-101.93 tagged_above=-999 required=5 tests=[AWL=0.669, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4HywdWFhaB6U for <saag@ietfa.amsl.com>; Tue, 29 May 2012 08:50:56 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id C791321F86D8 for <saag@ietf.org>; Tue, 29 May 2012 08:50:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id B962C15396B; Tue, 29 May 2012 16:50:53 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1338306652; bh=byqSDoBbuGO011 OCRuWhUx1m6KSMFc5Jw1oyFtg+VU8=; b=yrjBKXpy781qbHE3GUNp+FCAvzVB+L GtPA6iw1ZAcCzvSedZdMD/U8NZu8OlxvDIZAAOqEWuAxSuMrb8lNXYGQ/82YhNFF ZW9dKrkx+kH/BmKTzUQu5OCfDcf6ZAo6cEfZW+m+UIhBtm7U8n16oyv68qbOWMhv +8WAP3o1v71rff84NQvZetaZc5cxiv5yx45yxfsmSMQLEsUh+IxzzP5P11BKFV52 25y9bTYMrD42hTIhncvO8gh+/XZ0U7u8E78YmxPDktLDcq4WvPy4gIHpSFVFx1in Gd6q5WdwgV9zV4qzuM9aqZ5DyDYAx1YFl8ar8p6GgwKC4GpogMIk7XHg==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id iCDKU9RE--em; Tue, 29 May 2012 16:50:52 +0100 (IST)
Received: from [IPv6:2001:770:10:203:746a:67db:b7ac:1c60] (unknown [IPv6:2001:770:10:203:746a:67db:b7ac:1c60]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 0CA40153947; Tue, 29 May 2012 16:50:51 +0100 (IST)
Message-ID: <4FC4F05B.2090907@cs.tcd.ie>
Date: Tue, 29 May 2012 16:50:51 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
References: <4FBD6A78.2070204@cs.tcd.ie> <999913AB42CC9341B05A99BBF358718D017BA225@FIESEXC035.nsn-intra.net>
In-Reply-To: <999913AB42CC9341B05A99BBF358718D017BA225@FIESEXC035.nsn-intra.net>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: saag@ietf.org
Subject: Re: [saag] should we revise rfc 3365?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2012 15:50:57 -0000
On 05/24/2012 08:47 AM, Tschofenig, Hannes (NSN - FI/Espoo) wrote: > Hi Stephen, > > This is a good discussion question. But isn't lighting up the list. That's ok. If folks don't find this pressing, then I guess we continue as usual. > On the MTI issue: As someone who had been arguing with you in OAuth > about the MTI topic I am obviously interested to get a resolution on > this one. > For others who had skipped the discussions in OAuth here is a pointer to > my summary: > http://www.ietf.org/mail-archive/web/oauth/current/msg08019.html Right. I ended up in the rough there but of course still think I was right and the WG were wrong:-) > I also noticed that some protocols do not necessarily have a realistic > security solution. The reasons are, however, often complex. > > SIP, for example, has taken quite a different deployment route than many > of us had thought and consequently security had been impacted by this > development as well. I don't even know where to start when talking about > the challenges for SIP security. There is a huge mixture of business > models (e.g., SBCs, interconnection models), technical & user interface > challenges, the attempt to replicate the PSTN (with all it the features) > and the rise of the Web. > > It is difficult to say what the right time is to conclude that something > had gone wrong and needs to be fixed or whether the time for a specific > protocol just had not come yet. I have this discussions periodically > with the mobility guys (and there is plenty of exciting security work > had been done with essentially zero deployment). Mobile IP is a > particularly interesting case since the security components are the > heaviest part in the protocol and the question arises whether the choice > of security technology has actually lead to the lack of deployment. So are you arguing that we ought stage "compliance" with 3365 somehow? Even for standards track specs? I think I'd push back against that on the basis that it'd be hard to believe a load of WGs would properly consider security but not produce the goods until after their main work is done. It'd also be bolt-on security as well I guess, which often turns out badly. (Though fictional security is also maybe just as bad.) > > On DHCP security: I have myself used the pointer to the DHCP security > document knowing that it is not implemented nor deployed. The good thing > about many DHCP extensions is that they do not get deployed and so there > isn't a lot of harm after all. Nice! I may use that quote later, when you're not expecting it:-) S > > Ciao > Hannes > >> -----Original Message----- >> From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf > Of >> ext Stephen Farrell >> Sent: Thursday, May 24, 2012 1:54 AM >> To: saag@ietf.org >> Subject: [saag] should we revise rfc 3365? >> >> >> Hi all, >> >> Short version: go read the RFC and say if you think >> it needs an update. >> >> Long version: >> >> We've been talking about RFC 3261 but Sean and I >> have independently been thinking about whether >> there's work to be done on RFC 3365 [1] from >> 2002 which is the one that basically says you >> "MUST implement strong security in all protocols" >> and for very good reasons. >> >> First, we are *not* proposing to back off from that >> general position. (We'll say that again in a >> minute in case you missed it:-) >> >> Since 2002 however, we've seen some cases where >> this might end up being a bit counter-productive >> or where its not clear if or how 3365 applies. >> >> DHCP AUTH [2] is frequently cited in DHCP >> security considerations. However, this is pure >> fiction, nobody uses it at all, and I'm not >> sure if anybody even implements it. >> >> SIP e2e security [3] is well defined and has >> been implemented, but is ubiquitously unused, >> even though other SIP specifications tend(ed) >> to refer to it as if it solves their problems. >> >> FLUTE [4] is a uni-directional protocol, that >> RECOMMENDS transport mode ESP, but where its not >> clear that you could sensibly do automated key >> management, if you really only have one-way >> connectivity. (Just including this one to show >> not all of 'em are as obvious as the above.) >> >> In the purely fictional cases, there is a cost >> for developers clearly, but also a potential >> security downside, if there's a bunch of relatively >> untested code being deployed, or if some but not >> all people know which things are fictional and >> which not. >> >> In these cases the trade-off seems to be between >> specifying MTI security vs. truth-in-advertising. >> Some of these are easy, (dhcp maybe), others are >> less easy (flute). >> >> Truth-in-advertising seems like its a good thing, >> but its hard to see how to get that without also >> creating a future where lots of drafts say "we >> don't do security because nobody would use it." >> >> I'm sure there are more existing cases along >> those lines. >> >> >> Separately, we're seeing a number of cases where >> something that is like, but is not, e2e security is >> being proposed. For example, for inserting adverts >> in IPTV [5], for supporting SSL accelerators [6] >> and perhaps in the near future, for so-called >> "tusted proxies" in HTTP/2.0 [7]. >> >> Again, there are probably more cases of this, but >> here the trade-off seems mainly to be between what >> are real use cases (sometimes already widely >> deployed) and e2e security. >> >> >> Our question to you: is it time that we revised >> RFC 3365 to say something about these issues, or >> more generally? >> >> If so, then how? (Bearing in mind that we are *not* >> open to a revision that neuters the position taken >> in 3365.) >> >> If you think RFC 3365 is still just fine and we >> should not try revise it, then saying that would >> also be good. >> >> If a substantive discussion emerges we'd hope to >> talk about that in Vancouver in July, so nothing >> precipitous will happen. If this is greeted by >> silence, then we'll take it that you all like >> RFC 3365 and don't want us to do anything (except >> keep on pushing back when people don't specify >> mandatory-to-implement security:-) but that >> will continue to be problematic in cases like those >> mentioned above, so we may not be getting the >> best outcomes at the moment in such cases. >> >> Thanks, >> Stephen and Sean. >> >> [1] http://tools.ietf.org/html/bcp61 >> [2] http://tools.ietf.org/html/rfc3118 >> [3] http://tools.ietf.org/html/rfc3261 >> [4] https://datatracker.ietf.org/doc/draft-ietf-rmt-flute-revised/ >> [5] https://datatracker.ietf.org/doc/draft-ietf-avtext-splicing-for- >> rtp/ >> [6] > https://datatracker.ietf.org/doc/draft-ietf-appsawg-http-forwarded/ >> [7] http://lists.w3.org/Archives/Public/ietf-http- >> wg/2012AprJun/0085.html >> >> >> >> >> >> _______________________________________________ >> saag mailing list >> saag@ietf.org >> https://www.ietf.org/mailman/listinfo/saag > >
- [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Steven Bellovin
- Re: [saag] should we revise rfc 3365? Joe Touch
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Nico Williams
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Joe Touch
- Re: [saag] should we revise rfc 3365? Nico Williams