IETF Logo Mail Archive

Re: [saag] Revised version of draft-knodel-e2ee-definition

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 12 May 2023 00:43 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57E2DC17B32A for <saag@ietfa.amsl.com>; Thu, 11 May 2023 17:43:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LqqyCXJUXukk for <saag@ietfa.amsl.com>; Thu, 11 May 2023 17:43:18 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE1B7C13736F for <saag@ietf.org>; Thu, 11 May 2023 17:43:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 387EB3898E; Thu, 11 May 2023 21:02:09 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Qgtqpqni2HIt; Thu, 11 May 2023 21:02:08 -0400 (EDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:40a:34ff:fe10:f571]) by tuna.sandelman.ca (Postfix) with ESMTP id 51B8E3898C; Thu, 11 May 2023 21:02:08 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1683853328; bh=Yid8FahBYTbGeXJOjXKfUIAycq7WrDeqRQyyEysqHEU=; h=From:To:Subject:In-Reply-To:References:Date:From; b=rAO8fV6tpNvRhrs0YGTv+aGCTiRqSR2nwhEQFa5Kjl9vQoKnNZNE75EP1wEpEqffv qLA1iwHdV75Q1L27vXSGMG9tpNBlmOqkqzi2zEEfPCyD3P2WQJCFtXGeUoLXWak0Dc jc0alONFhf3eAdmjmGsTwUmQjA8qduyl7ciDpOXy0dxVsLNDwoajpFaU8QwHY62jWz RAToiQSny4hd4XdffgpH1uiswF5o4X5xFgw/ogHJZPzMDOQrM9ZfvDViMENa0iOkth EhRe9rnz65Qa3OOxruEPAT6LLi+nYUn+64KScVbxWWfYehNE+gN79n4POXnyuFSV0w SM/QpZNpl4vRw==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 5C93A182; Thu, 11 May 2023 20:43:16 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Mallory Knodel <mknodel@cdt.org>, IETF SAAG <saag@ietf.org>
In-Reply-To: <51ff9b6a-2822-c4ca-bd74-bdcf98a222e6@cdt.org>
References: <CAGL5yWb=5MomKHwNKiEDph3kjrcbvonaL2ZEytGpKeNk7A87sQ@mail.gmail.com> <CABcZeBOzzOU-HDb2hmzcCipgiVqB6gACQMfo9GJsTT7UNw+eOA@mail.gmail.com> <CAGL5yWZsFnV1eSrrT2-7yh=0VhwqyQJL-RaEU33M2P9S9_KF=g@mail.gmail.com> <CABcZeBMKx6pPwUaXy05dP9nOvNST0_zX46ChqvApKC__HL9ELA@mail.gmail.com> <17a053ac-2b91-7fa0-ef5a-01fde9d2599f@cdt.org> <5564.1683828197@localhost> <51ff9b6a-2822-c4ca-bd74-bdcf98a222e6@cdt.org>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 11 May 2023 20:43:16 -0400
Message-ID: <19598.1683852196@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/aJTNKstoz8IzLz_vxHj2kqy89vs>
Subject: Re: [saag] Revised version of draft-knodel-e2ee-definition
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 May 2023 00:43:23 -0000

Mallory Knodel <mknodel@cdt.org> wrote:
    > On 5/11/23 2:03 PM, Michael Richardson wrote:
    >> Mallory Knodel <mknodel=40cdt.org@dmarc.ietf.org> wrote: > would be
    >> happy to explain more about why. But I wanted to offer these > (only,
    >> as I see it) options as a way forward in the hope of gathering >
    >> feedback from folks about what would truly best reflect an >
    >> IETF-consensus document on the question "what is e2ee"?
    >>
    >> I think that this is best answered by asking the "customer": In this
    >> case, it's other IETF (primarily) protocol writers.  (sure, non-IETF
    >> protocol writers will probably reference)
    >>
    >> As a writer, I would like to be able to describe certain aspects of a
    >> protocol as being e2ee.  It might be some parts a protocol are not.
    >>
    >> To this end (pun intended) we might get better traction by coming up
    >> with a taxonomy of ways in which parts of protocol are *not* e2ee
    >> encrypted.

    > If there are things that e2ee are not that aren't covered in this draft
    > in the converse, that would be useful to know.

It's e2ee only when none of converse things are true :-)

When talking about some protocol, we need the terminology of the converse
more than we need a airtight definition of e2ee.  Because the air always gets out.
We need to be able to describe the different holes by which the air leaks.

If you define e2ee as being *human* to *human*, then nothing is e2ee, as
humans just can't do key agreements in our head.
(At least, not yet: and even if we get augmented, those are still agents..
    https://quoteinvestigator.com/2013/01/31/live-fast/
    Live Hard, Die Young, Leave an Augmented Corpse)

We all need a computational agent to work for us.
There are all sorts of agents that can be deployed, and it would e2e between
the agents.  But, then someone else would say, "oh, no, that's not e2e, it's
*converse* term"

    >> One can easily describe many hop-by-hop encryption schemes where they
    >> operate at layer-1, layer-2 [MACSEC, WEP], layer-3 [IPsec, Wireguard],
    >> layer-4 [TLS,DTLS], up to layer-5/6 [smtp, Tor, HTTPS, SIP], layer-7
    >> [SMIME,PGP,MLS].
    >>
    >> It seems that e2ee is a relative term, and it depends a whole bunch of
    >> negatives.  OTH, when describing the properties of a protocol, it
    >> would be easier to just explain where the ends are that can be
    >> attacked.

    > It is an explicit goal that we remove that relativity with this draft.

Then, I think even if you can hold on to that through the review process, it
will become irrelevant ten minutes after the RFC comes out.

    > I think I've understood that the protocols you're primarily involved in
    > are e2e and they use encryption but they are not e2ee messaging, video,
    > audio, email, etc. So in that sense, we are out of your scope and I
    > think that's the main reason why it's not that useful.

No, I totally and completely disagree.
Everything I (and the IETF) did in 1995, in 2000, in 2005, in 2010, they were
all *AT THE TIME* bleeding edge work, and were all considered e2ee *at the time*.
PGP and SMIME are 35 year old e2ee email systems... until they are deployed
differently with the keys stored in someone else's server.

IPsec is e2ee at layer-3.
TLS is e2ee at layer-4/5.

But, neither they, nor SMIME are going to get audio to my BT headset in an
e2e fashion: that hop will be seperately encrypted.
Nor video to my monitor, or my eyes: that will get encrypted across the HDMI cable.
  In fact, that HDMI cable has been secured *AGAINST* us by the movie industry.
  So it's a really treasonous hop!

So, "messaging/video/audio" can never, according to your definition, be
actually e2ee.

OTH, if you were able to define the various "failures" to get to the end:
     1) smartapplication2smartapplication encryption
     2) host2host encryption (with application2application integrity?)
     3) sipserver2sipserver encryption (with host2host encryption of media)

(1) for instance, can be attacked by Google or Apple (or LG or Samsung or
    Huawei or ...) by changing the video and audio drivers.
    Plus, BT attacks if you are using a headset.
    Maybe also attacks via the baseband CPU on the audio channels.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [




--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email