IETF Logo Mail Archive

Re: [saag] draft-mm-wg-effect-encrypt-03

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 18 October 2016 01:50 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3585C129483 for <saag@ietfa.amsl.com>; Mon, 17 Oct 2016 18:50:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fI_4E3sKSNrd for <saag@ietfa.amsl.com>; Mon, 17 Oct 2016 18:50:22 -0700 (PDT)
Received: from mail-vk0-x22f.google.com (mail-vk0-x22f.google.com [IPv6:2607:f8b0:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3615129498 for <saag@ietf.org>; Mon, 17 Oct 2016 18:50:21 -0700 (PDT)
Received: by mail-vk0-x22f.google.com with SMTP id b186so199904674vkb.1 for <saag@ietf.org>; Mon, 17 Oct 2016 18:50:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+z7Fv8zl/SxwT8F0xxwWUFPTNcm+w3DHJk2DKFvgIX0=; b=Nl4Ny/1Szd2JGdTk53it/GHrRGymoFM+VGubyHSyInDm/iN19+PNe49+Dqp/MsEpex fHpVrk5rDU8kuY2AhAEN78h1TYPTzSzNJZQsWjOP+t8ERP3rvDeU27W4ixPF416HefEl bno2E+oFcx7roPtmOouCt4/toKI9+MM/Fb6ivClxyXRT+KdZQ2H6YZtDEH+wqelYnf40 q6scSfsXo0lV4PRTtnO/PQWW3/sjaChsXA2/DjENpw6e8IKf4ExW6fAbBdORoFwbo0jk rT7J783NWXejlP6pM59fOWQ98xNAJgc/gYYZPCumRA/4x5JHLEw48ec03Fv+tOIXfuUt Suow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+z7Fv8zl/SxwT8F0xxwWUFPTNcm+w3DHJk2DKFvgIX0=; b=HkXWk8Yd2irWLzP9sQoCfKcq+3wBlROZO7kv2PcVIet/TN0MWOPLxpklHXCzzhd19A 4cYrnBcbGF6L4lBtjf6eixoG7+reC8nMXTXLI+xnm3oFzVIlFBCIxugKZsitXNgcjGYe XO44X251N9WV0SHHvlF7K+NK4y32ZqMbvtaHjaR62PzRBqy2l8RRwGjFT7fCtDhHyU3r rdtJshyofRKkif0jmvyqPftZ1iyLdTNTXQ8rg29C0ntZ/T2NKR8A4WopWcVT+BHRoDwA U1tfDsqvSpVsRhiWoHGbfszzcmsxoBFk6Ks5oG5h0kOROUj+HHddNeipcZo45reWHHXt GQ2A==
X-Gm-Message-State: AA6/9RnFdEsMtJJYad14NFLFRDIKbqg12+Gh72MelI1USQBqfbkRfdJYbdqF2yyfyDQPPGceOVUe23UAONrVYg==
X-Received: by 10.31.87.133 with SMTP id l127mr443890vkb.152.1476755421003; Mon, 17 Oct 2016 18:50:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.82.68 with HTTP; Mon, 17 Oct 2016 18:50:20 -0700 (PDT)
In-Reply-To: <71f30bfd-ee8b-942a-4058-6f95b15a2b2e@cs.tcd.ie>
References: <1901933387.417923.1476328888389.ref@mail.yahoo.com> <1901933387.417923.1476328888389@mail.yahoo.com> <2122275166.97735.1476361683603@mail.yahoo.com> <4AF73AA205019A4C8A1DDD32C034631D45A1F2E5A4@NJFPSRVEXG0.research.att.com> <b1e82376-68b9-f2d5-d06e-225b84b5e9ba@cs.tcd.ie> <4AF73AA205019A4C8A1DDD32C034631D45A1F2E5A8@NJFPSRVEXG0.research.att.com> <71f30bfd-ee8b-942a-4058-6f95b15a2b2e@cs.tcd.ie>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 17 Oct 2016 21:50:20 -0400
Message-ID: <CAHbuEH7xgR4FB9Ctboo9CA0Gsy3YTWr0uzYnnELzFfV8Xt9m8w@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="001a114fa81c4a0593053f19ea14"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ChYJrRYRLeN0y35idJ8DkZxmg2E>
Cc: "saag@ietf.org" <saag@ietf.org>, "MORTON, ALFRED C (AL)" <acmorton@att.com>
Subject: Re: [saag] draft-mm-wg-effect-encrypt-03
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 01:50:25 -0000

Hi,

I'll start with responding to this message and then will respond to ones
with text for possible edits to the suggestions.

On Sun, Oct 16, 2016 at 2:27 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hi Al,
>
> On 16/10/16 18:19, MORTON, ALFRED C (AL) wrote:
> >
> > Clearly, changes in current management practices will be needed,
> > and that process could be more efficient with constructive input
> > from all involved. Understanding the many gaps is the first step,
> > and IMO, what this memo is about.  No arguing for solutions,
> > MITM or otherwise.
>
> I agree. Figuring out what solutions are needed for n/w
> management given the fact of much more ciphertext is work for
> another day and for other documents and WGs.
>
> I think what makes this tricky is that people understandably
> tend to mix up current solutions and requirements, e.g. it is
> natural enough (but wrong) to think that because I do X today
> that that implies doing X is required (and hence language like
> "valuable" etc.).
>

Yes, agreed.  As the draft stands now, before these additions that point is
very clear.  The intent is to document the purpose of activities, what is
used now so that other methods might be identified to achieve the same
goal, possibly via an entirely different mechanism.


> We directly saw that in the recent TLS WG discussion of RSA key
> transport, which was kicked off by (I think) the same set of
> folks. In the end the TLS WG chairs saw a very clear consensus
> to stick with PFS and to not add back RSA key transport to
> TLS1.3, despite RSA key transport being a "feature" on which
> it appears some enterprise networks still seem to depend for
> some forms of "attacking"/deciphering traffic to/from their own
> TLS servers.
>

I agree entirely with the consensus, not to worry.  I'll comb through the
proposed text to make sure the intended approach for the draft is
maintained.


>
> I think another related thing we need to be careful about here
> are claims of utility for features where there is little or no
> (at least public) evidence but only assertion. For example, many
> of the claims I hear about the effectiveness of scanning outbound
> traffic seem dubious to me, so we'll want to try find evidence
> to backup claims along those lines too if we want this document
> to be of most use later on. (Or to qualify such things as being
> e.g. "current practices for which there isn't such good evidence"
> or something.)
>

Yes, agreed.  For attack detection, we can confirm with MILE, but from my
experience attackers use whatever they would like to hide their tracks, so
worrying about TLS and the ability to break it doesn't really help anyway
as they'll just use something else.  I don't think that seeing into TLS
traffic is necessary for attack detection (Note: I have led incident
response and security teams that are quite advanced and consulted with
other teams that are quite advanced more recently. )  We can confirm with
MILE and DOTS as well, this should give us feedback from multiple industry
sectors.


>
> Buy hey, that's why you get all those big bucks for being such
> good document editors/authors I guess:-)
>

Ha.

Thanks,
Kathleen


>
> Cheers,
> S.
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>
>


-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email