IETF Logo Mail Archive

Re: [saag] Additions to RFC 3631?

Steven Bellovin <smb@cs.columbia.edu> Wed, 23 May 2012 14:34 UTC

Return-Path: <smb@cs.columbia.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9B5721F86E5 for <saag@ietfa.amsl.com>; Wed, 23 May 2012 07:34:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Hi0ZjKB+Oal for <saag@ietfa.amsl.com>; Wed, 23 May 2012 07:34:17 -0700 (PDT)
Received: from paneer.cc.columbia.edu (paneer.cc.columbia.edu [128.59.29.4]) by ietfa.amsl.com (Postfix) with ESMTP id D3CA621F8736 for <saag@ietf.org>; Wed, 23 May 2012 07:34:16 -0700 (PDT)
Received: from [192.168.2.166] (74-92-112-54-Philadelphia.hfc.comcastbusiness.net [74.92.112.54]) (user=smb2132 mech=PLAIN bits=0) by paneer.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id q4NEY96A010977 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 23 May 2012 10:34:09 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: Steven Bellovin <smb@cs.columbia.edu>
X-Priority: 3
In-Reply-To: <20120523124200.17700@gmx.net>
Date: Wed, 23 May 2012 10:34:08 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <3A61C9D8-1584-4A8C-95D8-A52963BB4A80@cs.columbia.edu>
References: <300A2E9F-E99B-46FA-A101-E3611BD0D197@cs.columbia.edu> <20120523124200.17700@gmx.net>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1278)
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.68 on 128.59.29.4
Cc: saag@ietf.org
Subject: Re: [saag] Additions to RFC 3631?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 14:34:18 -0000

Thanks for your comments.  I don't agree with all of them (more inline), but I should note that I have no plans to update 3631 myself.  I'm working on another project; it occurred to me that this laundry list of protocols -- it's a fine characterization -- was a good starting point for my recommendations.


On May 23, 2012, at 8:42 00AM, Hannes Tschofenig wrote:

> Hi Steve, 
> 
> to me it is not clear who the target audience of the document is and what purpose it serves. 
> 
> The early part of the document contains a threat model discussion. That's good but I believe that the writeup in BCP 72 is more useful. 
> 
> There is a laundry list of security mechanisms in Section 3. Do you expect that someone who does not know these mechanisms already to go through this list and pick one for their new protocol design?

Up to a point, yes.  It's not useful for people who know nothing of security, and it's redundant for folks who do security for a living.  It's useful, though, for people who know something of these mechanisms but are not sure which to use.
> 
> Then, Section 4 talks about things one shouldn't do. Those are great suggestions but we actively do them today in the IETF. For example, I have been complaining about the work in the INTAREA were folks are define new ways to do IP address-based authentication in light of the widespread NAT deployments (see my comments to the list last year http://permalink.gmane.org/gmane.ietf.int/3016).

The fact that folks are still doing them doesn't mean that we were wrong when we wrote 3631, merely that folks haven't paid enough attention to it.  In retrospect, I suspect we should have tried publishing it as BCP; were I still an AD or on the IAB, I'd suggest that for any updated version.
> 
> As you stated on the mailing list: 
>> 3631 says "if you want to put security into a protocol, 
>> here are the best choices we have today".
> 
> Is this really how we approach protocol design today? I don't think so.
> 
> There are two classes of protocol designs: 
> 
> 1) Extensions to existing protocols (DNS, email, routing protocols, etc.)
> There you have to work with what is available already and your choices are impacted by the deployment. The improvements tend to be minor and speed of deployment is slow. 

Retrofitting security to an existing system is one of the hardest tasks out there.  It's not even the deployment, it's the design choices already made that constrain things.  DNSSEC is a classic example.  No one loves it or even likes it, I suspect, but I don't know that it could have been better, given the basic structure and assumptions that date to the earl 1980s.
> 
> 2) For new protocol designs, many focus on using HTTP/HTTPS as a starting point. Almost all protocols I have seen have the need for offering the classical communication security features and TLS is the main building block. Everything beyond that is typically tough and quite difficult to describe in a generic fashion. 

That HTTP[S] is a basic building block is a separate problem; it's the new waist of the hourglass...
> 
> On top of that I am not even sure that the process we have for tackling security in the IETF is actually as successful as we would like it to be. We typically consider the security consideration section writeup as the crucial part but I am wondering whether others had looked at the broader picture on where things went well and where they didn't. In fact, I would be far more interested to hear where the problems really are rather than producing another hitchhiker's guide to IETF security protocols. 

Is it perfect?  Of course not.  I do think it's significantly better than it was 10-15 years ago.

3631 and BCP 72 (which my email archives show was initiated no later than 1999) were part of a process to improve the security of IETF protocols.  Another part was retargeting the security directorate to review all documents, and get at least some involvement early on in protocol design.  That part didn't work as well as I had hoped, at least back when I was AD, but it was far better than we'd had before.  That effort, though, was a fair number of years ago.  I've been rather disconnected from the IETF since 2005; I don't know what the current real issues are.  I'll leave it to the current IESG to figure out what to do next.  A more systematic study would indeed be a good idea.  (I know from private conversations that the Security ADs have at least some thoughts on the subject.)
> 
> In any case, I will not stop you from shipping an update (which I am not sure you can even do that given it is an IAB document) but I doubt that it will have the desired impact. 
> 
> Ciao
> Hannes
> 
> -------- Original-Nachricht --------
>> Datum: Fri, 18 May 2012 22:31:39 -0400
>> Von: Steven Bellovin <smb@cs.columbia.edu>
>> An: IETF Security Area Advisory Group <saag@ietf.org>
>> Betreff: [saag] Additions to RFC 3631?
> 
>> Does anyone have any suggestions for additions or corrections to RFC 3631?
>> It looks to me like it's held up pretty well, save for newer versions of
>> some of the protocols.
>> 
>> 		--Steve Bellovin, https://www.cs.columbia.edu/~smb
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
> 


		--Steve Bellovin, https://www.cs.columbia.edu/~smb

v2.23.0 | Report a Bug | By Email