Re: [saag] Additions to RFC 3631?
Mouse <mouse@Rodents-Montreal.ORG> Sat, 19 May 2012 03:32 UTC
Return-Path: <mouse@Sparkle.Rodents-Montreal.ORG>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A5CE9E802A for <saag@ietfa.amsl.com>; Fri, 18 May 2012 20:32:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.388
X-Spam-Level:
X-Spam-Status: No, score=-7.388 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_MISMATCH_ORG=0.611, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FO3M6cMCWUuY for <saag@ietfa.amsl.com>; Fri, 18 May 2012 20:32:00 -0700 (PDT)
Received: from Sparkle.Rodents-Montreal.ORG (Sparkle.Rodents-Montreal.ORG [216.46.5.7]) by ietfa.amsl.com (Postfix) with ESMTP id 3889B9E8025 for <saag@ietf.org>; Fri, 18 May 2012 20:32:00 -0700 (PDT)
Received: from localhost (localhost [[UNIX: localhost]]) by Sparkle.Rodents-Montreal.ORG (8.8.8/8.8.8) id XAA28531; Fri, 18 May 2012 23:31:58 -0400 (EDT)
Date: Fri, 18 May 2012 23:31:58 -0400
From: Mouse <mouse@Rodents-Montreal.ORG>
Message-Id: <201205190331.XAA28531@Sparkle.Rodents-Montreal.ORG>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway.
X-Message-Flag: Microsoft: the company who gave us the botnet zombies.
X-Composition-Start-Date: Fri, 18 May 2012 22:52:03 -0400 (EDT)
To: saag@ietf.org
In-Reply-To: <300A2E9F-E99B-46FA-A101-E3611BD0D197@cs.columbia.edu>
References: <300A2E9F-E99B-46FA-A101-E3611BD0D197@cs.columbia.edu>
Subject: Re: [saag] Additions to RFC 3631?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 May 2012 03:32:01 -0000
> Does anyone have any suggestions for additions or corrections to RFC > 3631? Yes. I, at least, do. > 2.2. A Word about Mandatory Mechanisms > We have evolved in the IETF the notion of "mandatory to implement" > mechanisms. [...blather about interoperability...] > It is important to understand that mandatory mechanisms are mandatory > to *implement*. [...] > Particularly with security > mechanisms, just because a mechanism is mandatory to implement does > not imply that it should be the default mechanism or that it may not > be disabled by configuration. If a mandatory to implement algorithm > is old and weak, it is better to disable it when a stronger algorithm > is available. If the point of a mandatory-to-implement mechanism is interoperability, allowing it to be disabled is a bad idea; it has pretty much the same effect on interoperability as not having it there in the first place: peers cannot count on its availability when speaking with peers they have no particular knowledge of. > 3.1. One-Time Passwords > One-time password schemes, such as that described in [RFC2289], are > very much stronger than conventional passwords. The host need not > store a copy of the user's password, This is true of only some OTP schemes (and those schemes are the weaker for it; any algorithmic relation between the passwords at all is a potential point of attack). Other OTP schemes require the host to store the user's password to exactly the same extent that reusable password schemes require the host to store their passwords. > nor is it ever transmitted over the network. Again, this depends on the OTP scheme; indeed, most OTP schemes I am aware of do indeed transmit the passwords used for authentication. If this discussion is really supposed to be restricted to RFC2289 designs, the punctuation in the introductory sentence is misleading; as quoted above, it says it's talking about OTP schemes in general, with RFC2289-style schemes cited as an illustrative example, not as a restrictive narrowing of the set of schemes being described. > 3.3. IPsec > The key management for IPsec can use either certificates or shared > secrets. For all the obvious reasons, certificates are preferred; > however, they may present more of a headache for the system manager. The statement that certificates "are preferred" is either false or incomplete, because certs are preferred only for certain classes of uses. For others, a shared secret is better - different uses, different tradeoffs. > 3.4. TLS > It's an unfortunate > reality that even server side authentication it not as secure in > practice as the cryptography would imply because most implementations > allow users to ignore authentication failures [...] If you want to cite "unfortunate realit[ies]", how about the one that it really is not all that difficult to get a cert for someone else's domain? I recall, for example, hearing about the number of certs for microsoft.com that had been issued to entities having nothing to do with Microsoft. > 3.8. Security/Multipart > Security/Multiparts [RFC1847] are the preferred mechanism for > protecting email. Again, asserting that a particular alternative is preferred is either false or incomplete. I, for example, have various reasons for preferring other tools for securing email in many cases. > The Digital Signature Standard [DSS] and RSA [RSA] are both good > choices; each has its advantages. [...] > [...]. DSS has much better performance than RSA for generating > new private keys, This runs counter to my experience with them within the context of ssh, for what little that may be worth. > 4.1. Plaintext Passwords > Plaintext passwords are the most common security mechanism in use > today. Unfortunately, they are also the weakest. When not protected > by an encryption layer, they are completely unacceptable. Again, this is either false or incomplete. There is a system I have been using since early 1992, and co-adminning since late 1992, that routinely uses reusable plaintext passwords over unsecured TCP connections over the open Internet (indeed, I don't think we have any other authentication mechanism available). For our purposes, that's entirely suitable, and I don't think it is for the IETF to tell us otherwise. Perhaps 3631 is writing strictly from the perspective of security mechanisms in new protocols being considered for IETF approval; my comments on 3.3, 3.8, and 4.1 do not apply then, but in that case I think the introductory text needs to be a good deal clearer. It's titled "Security Mechanisms for the Internet", not "Security Mechanisms for New IETF Protocols", after all. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
- Re: [saag] Additions to RFC 3631? Yaron Sheffer
- Re: [saag] Additions to RFC 3631? Eliot Lear
- Re: [saag] Additions to RFC 3631? Mouse
- Re: [saag] Additions to RFC 3631? Simon Josefsson
- [saag] Additions to RFC 3631? Steven Bellovin
- Re: [saag] Additions to RFC 3631? Mouse
- Re: [saag] Additions to RFC 3631? Simon Josefsson
- Re: [saag] Additions to RFC 3631? Stephen Farrell
- Re: [saag] Additions to RFC 3631? Yaron Sheffer
- Re: [saag] Additions to RFC 3631? Eliot Lear
- Re: [saag] Additions to RFC 3631? Steven Bellovin
- Re: [saag] Additions to RFC 3631? Paul Hoffman
- Re: [saag] Additions to RFC 3631? Nico Williams
- Re: [saag] Additions to RFC 3631? Joe Touch
- Re: [saag] Additions to RFC 3631? Nico Williams
- Re: [saag] Additions to RFC 3631? Nico Williams
- Re: [saag] Additions to RFC 3631? Steven Bellovin
- Re: [saag] Additions to RFC 3631? Nico Williams
- Re: [saag] Additions to RFC 3631? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] Additions to RFC 3631? Steven Bellovin
- Re: [saag] Additions to RFC 3631? Yaron Sheffer
- Re: [saag] Additions to RFC 3631? Nico Williams
- Re: [saag] Additions to RFC 3631? Jeffrey Hutzelman
- Re: [saag] Additions to RFC 3631? Joe Touch
- Re: [saag] Additions to RFC 3631? Hannes Tschofenig
- Re: [saag] Additions to RFC 3631? Nico Williams
- Re: [saag] Additions to RFC 3631? Steven Bellovin
- Re: [saag] Additions to RFC 3631? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] Additions to RFC 3631? Steve Crocker
- Re: [saag] Additions to RFC 3631? Tschofenig, Hannes (NSN - FI/Espoo)