IETF Logo Mail Archive

Re: [saag] Additions to RFC 3631?

"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Wed, 23 May 2012 12:42 UTC

Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3E5B21F86E5 for <saag@ietfa.amsl.com>; Wed, 23 May 2012 05:42:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nu29qyYCrbpZ for <saag@ietfa.amsl.com>; Wed, 23 May 2012 05:42:03 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 645EF21F86EA for <saag@ietf.org>; Wed, 23 May 2012 05:42:02 -0700 (PDT)
Received: (qmail 23548 invoked by uid 0); 23 May 2012 12:42:01 -0000
Received: from 62.159.77.165 by www051.gmx.net with HTTP; Wed, 23 May 2012 14:42:00 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Date: Wed, 23 May 2012 14:42:00 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
In-Reply-To: <300A2E9F-E99B-46FA-A101-E3611BD0D197@cs.columbia.edu>
Message-ID: <20120523124200.17700@gmx.net>
MIME-Version: 1.0
References: <300A2E9F-E99B-46FA-A101-E3611BD0D197@cs.columbia.edu>
To: Steven Bellovin <smb@cs.columbia.edu>, saag@ietf.org
X-Authenticated: #29516787
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
X-Provags-ID: V01U2FsdGVkX18oO6Ur168os8gxh+jvowAFGzd39LSJ6S7bHuk3D3 Gma178jb0eKqQWaYk4m1Qc+3mMTvPEcwMcoQ==
Content-Transfer-Encoding: 8bit
X-GMX-UID: T77Ob45neSEqNpIAqXUhnVV+IGRvb8AJ
Subject: Re: [saag] Additions to RFC 3631?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 12:42:05 -0000

Hi Steve, 

to me it is not clear who the target audience of the document is and what purpose it serves. 

The early part of the document contains a threat model discussion. That's good but I believe that the writeup in BCP 72 is more useful. 

There is a laundry list of security mechanisms in Section 3. Do you expect that someone who does not know these mechanisms already to go through this list and pick one for their new protocol design?

Then, Section 4 talks about things one shouldn't do. Those are great suggestions but we actively do them today in the IETF. For example, I have been complaining about the work in the INTAREA were folks are define new ways to do IP address-based authentication in light of the widespread NAT deployments (see my comments to the list last year http://permalink.gmane.org/gmane.ietf.int/3016). 

As you stated on the mailing list: 
> 3631 says "if you want to put security into a protocol, 
> here are the best choices we have today".

Is this really how we approach protocol design today? I don't think so.

There are two classes of protocol designs: 

1) Extensions to existing protocols (DNS, email, routing protocols, etc.)
There you have to work with what is available already and your choices are impacted by the deployment. The improvements tend to be minor and speed of deployment is slow. 

2) For new protocol designs, many focus on using HTTP/HTTPS as a starting point. Almost all protocols I have seen have the need for offering the classical communication security features and TLS is the main building block. Everything beyond that is typically tough and quite difficult to describe in a generic fashion. 

On top of that I am not even sure that the process we have for tackling security in the IETF is actually as successful as we would like it to be. We typically consider the security consideration section writeup as the crucial part but I am wondering whether others had looked at the broader picture on where things went well and where they didn't. In fact, I would be far more interested to hear where the problems really are rather than producing another hitchhiker's guide to IETF security protocols. 

In any case, I will not stop you from shipping an update (which I am not sure you can even do that given it is an IAB document) but I doubt that it will have the desired impact. 

Ciao
Hannes

-------- Original-Nachricht --------
> Datum: Fri, 18 May 2012 22:31:39 -0400
> Von: Steven Bellovin <smb@cs.columbia.edu>
> An: IETF Security Area Advisory Group <saag@ietf.org>
> Betreff: [saag] Additions to RFC 3631?

> Does anyone have any suggestions for additions or corrections to RFC 3631?
> It looks to me like it's held up pretty well, save for newer versions of
> some of the protocols.
> 
> 		--Steve Bellovin, https://www.cs.columbia.edu/~smb
> 
> 
> 
> 
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email