IETF Logo Mail Archive

Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 02 September 2015 22:17 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9479C1B37C7 for <saag@ietfa.amsl.com>; Wed, 2 Sep 2015 15:17:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAurCQRl35i7 for <saag@ietfa.amsl.com>; Wed, 2 Sep 2015 15:17:07 -0700 (PDT)
Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 664631B3485 for <saag@ietf.org>; Wed, 2 Sep 2015 15:17:07 -0700 (PDT)
Received: by wiclp12 with SMTP id lp12so33337382wic.1 for <saag@ietf.org>; Wed, 02 Sep 2015 15:17:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=DFgXJfibdOTq+q5KeUkB6TmzUMcX20bgZiANjs0PKi4=; b=rNsjtXD/LrnwcH+wVc4BsjIF2fs1ed4k9B25iGmkINWAo/wurUJI8pcUOgJk6kMR5t FjtMKzo/cnUs+8IgmXiC5/giHvFKHEUz9nGf6y9uCvdVBAis3FAmPDzvXbEQB5pqbQsH si6szBfOMp2Xnl/Kg2aZcpj3xaSnRZzqSN9p1vByisciNI8DJtlKbu7GMFWffKtqEM7Y SIfJEHo8pKAyVdsgSCW+4TkoCBJcRV7SePfI84hREnGJssdJ7qqF6LW4a7xzXuNL8jcM K3hLOdojxFDgDBRqMfXCh1qbAghx/HlBwbVSeCg12Qnk3YxSUhxIP/KCGN8UxvAkhj8s SwZg==
MIME-Version: 1.0
X-Received: by 10.180.86.231 with SMTP id s7mr7569054wiz.90.1441232225940; Wed, 02 Sep 2015 15:17:05 -0700 (PDT)
Received: by 10.28.157.84 with HTTP; Wed, 2 Sep 2015 15:17:05 -0700 (PDT)
In-Reply-To: <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
Date: Wed, 02 Sep 2015 18:17:05 -0400
Message-ID: <CAHbuEH4SFdp1Mu51+Cn7oAuAfM6qp3PdCgykzgtvoBdAKXstZQ@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/_mT_JeLBRNZrL8-5KD0_AiTLeGo>
Cc: saag <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 22:17:09 -0000

On Wed, Sep 2, 2015 at 6:06 PM, Barry Leiba <barryleiba@computer.org> wrote:
> (Responding to the thread in general, not to VIktor's note in particular.)
>
> I honestly don't see why this issue is relevant to agility at all, and
> I would just strike the mention altogether, as I don't think it
> affects the point that we need to have the ability to change
> algorithms baked into the protocol and designed into the software.
>
> The point of OS is to negotiate the best security we can, and be
> willing to accept a certain minimal security level, where the
> definition of what's minimally acceptable will change from one
> situation to another.
>
> Algorithm agility can help us achieve that, and that might be worth
> saying.  But whether in a particular OS situation we care willing to
> negotiate something that we'd otherwise consider deprecated is a
> question unto itself, not one that guidance on algorithm agility needs
> to discuss.

In general, I would agree, but after doing much reading and following
this thread, I think this is important text.  There are specific
caveats to using deprecated crypto with OS and they are important to
understand so that we don't wind up with an overly general explanation
that says "it's okay to use deprecated crypto with OS".  It is, but
only in certain situations.  I don't think this has been clear enough,
so the updated text is helpful.

Thanks,
Kathleen

>
> Barry
>
> On Wed, Sep 2, 2015 at 12:01 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>> On Tue, Sep 01, 2015 at 11:09:23PM -0400, Kathleen Moriarty wrote:
>>
>>> I think the proposed text is a lot better than what was there and I think
>>> there is consensus around it.  Once you get more specific, then you are
>>> moving away from what was agreed upon in the OS draft.  Doing that would
>>> require quite a bit more discussion.
>>>
>>> The proposed text reads well to me and keeps us more consistent - use of
>>> weaker crypto for OS is limited to legacy deployments and is not okay for
>>> authenticated and encrypted sessions for OS, just unauthenticated.  If
>>> you have a proposal for text that keeps within the space where I think we
>>> have consensus, then I'm okay with change otherwise I'm not.  It might
>>> take reading through this draft and the OS RFC, once that has been done,
>>> this text makes sense... Reading big through the discussion on this over
>>> the past week or so may help as well.
>>
>> I am not saying the proposed text is wrong on its substance, rather
>> I am a somewhat concerned about what seems to be misplaced emphasis.
>> I think Sam agrees along essentially the same lines.
>>
>> I've not suggested a specific remedy, just throwing ideas out there
>> and hoping they might be useful.
>>
>> In part I don't think I should be the only one doing all the
>> explaining of OS, it is best if others can make additional
>> contributions to the formulation of a refined consensus in this
>> area.
>>
>> It would I think be better to note that OS (when unauthenticated
>> and provies only passive protection) is not fundamentally about
>> use of weaker crypto.  Rather it is about doing as much better than
>> cleartext as one can, and agility is helpful, but more quickly on
>> the uptake of new algos than deprecation of legacy algos, because
>> interop considerations and avoiding cleartext trump the urgency of
>> deprecating weak crypto.
>>
>> That said, that's just how I see it, and I don't want force my
>> formulation on everyone else, so if there are other ways to improve
>> the text (change of emphasis) that's fine.
>>
>> --
>>         Viktor.
>>
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email