[saag] should we revise rfc 3365?
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 23 May 2012 22:53 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E16411E80A4 for <saag@ietfa.amsl.com>; Wed, 23 May 2012 15:53:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.399
X-Spam-Level:
X-Spam-Status: No, score=-102.399 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nlK8E2RIsq5g for <saag@ietfa.amsl.com>; Wed, 23 May 2012 15:53:46 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 3B18721F84E1 for <saag@ietf.org>; Wed, 23 May 2012 15:53:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 7B989171F2D; Wed, 23 May 2012 23:53:45 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:subject:mime-version :user-agent:from:date:message-id:received:received: x-virus-scanned; s=cs; t=1337813625; bh=Nz0Zl8GbOw75oe630C2pURM+ BjnbbcG9ARM86OZoqFc=; b=6XcseFiir0dv3fUz5GmgParvA/IgmiQKJlNqnQrG UANBiKHfQ6zb9yocahtzhZ+1jE/TWKERj6x3KWLoGaXsp3p8iQuikzx6FH47l62o VubrcRl+iwOwfNixQVpbol+cACrbR1hD1myfDL8dn/L/qxXoYbvP/+AkDfIqAZ/b ugoulj6zgt2AMT/3R9kkvC/UtQ6wV4HKI+zjILEJPZTR9YIwwLy+cLap+SKj/6s5 4QeCUoiu6N2nJ2JdAlcpvcrOh1nfMLuep80NerZHQSn8MjNsMArCXWMlMfrYBfGf ykgSvvH9R/VBCcxY24eX8C8ItT3QEnucja+WRK7pZmtRFA==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id 7dJ6y6ulxrpl; Wed, 23 May 2012 23:53:45 +0100 (IST)
Received: from [10.87.48.8] (unknown [86.45.50.128]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id E19C6171C65; Wed, 23 May 2012 23:53:44 +0100 (IST)
Message-ID: <4FBD6A78.2070204@cs.tcd.ie>
Date: Wed, 23 May 2012 23:53:44 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: "saag@ietf.org" <saag@ietf.org>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [saag] should we revise rfc 3365?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 22:53:47 -0000
Hi all, Short version: go read the RFC and say if you think it needs an update. Long version: We've been talking about RFC 3261 but Sean and I have independently been thinking about whether there's work to be done on RFC 3365 [1] from 2002 which is the one that basically says you "MUST implement strong security in all protocols" and for very good reasons. First, we are *not* proposing to back off from that general position. (We'll say that again in a minute in case you missed it:-) Since 2002 however, we've seen some cases where this might end up being a bit counter-productive or where its not clear if or how 3365 applies. DHCP AUTH [2] is frequently cited in DHCP security considerations. However, this is pure fiction, nobody uses it at all, and I'm not sure if anybody even implements it. SIP e2e security [3] is well defined and has been implemented, but is ubiquitously unused, even though other SIP specifications tend(ed) to refer to it as if it solves their problems. FLUTE [4] is a uni-directional protocol, that RECOMMENDS transport mode ESP, but where its not clear that you could sensibly do automated key management, if you really only have one-way connectivity. (Just including this one to show not all of 'em are as obvious as the above.) In the purely fictional cases, there is a cost for developers clearly, but also a potential security downside, if there's a bunch of relatively untested code being deployed, or if some but not all people know which things are fictional and which not. In these cases the trade-off seems to be between specifying MTI security vs. truth-in-advertising. Some of these are easy, (dhcp maybe), others are less easy (flute). Truth-in-advertising seems like its a good thing, but its hard to see how to get that without also creating a future where lots of drafts say "we don't do security because nobody would use it." I'm sure there are more existing cases along those lines. Separately, we're seeing a number of cases where something that is like, but is not, e2e security is being proposed. For example, for inserting adverts in IPTV [5], for supporting SSL accelerators [6] and perhaps in the near future, for so-called "tusted proxies" in HTTP/2.0 [7]. Again, there are probably more cases of this, but here the trade-off seems mainly to be between what are real use cases (sometimes already widely deployed) and e2e security. Our question to you: is it time that we revised RFC 3365 to say something about these issues, or more generally? If so, then how? (Bearing in mind that we are *not* open to a revision that neuters the position taken in 3365.) If you think RFC 3365 is still just fine and we should not try revise it, then saying that would also be good. If a substantive discussion emerges we'd hope to talk about that in Vancouver in July, so nothing precipitous will happen. If this is greeted by silence, then we'll take it that you all like RFC 3365 and don't want us to do anything (except keep on pushing back when people don't specify mandatory-to-implement security:-) but that will continue to be problematic in cases like those mentioned above, so we may not be getting the best outcomes at the moment in such cases. Thanks, Stephen and Sean. [1] http://tools.ietf.org/html/bcp61 [2] http://tools.ietf.org/html/rfc3118 [3] http://tools.ietf.org/html/rfc3261 [4] https://datatracker.ietf.org/doc/draft-ietf-rmt-flute-revised/ [5] https://datatracker.ietf.org/doc/draft-ietf-avtext-splicing-for-rtp/ [6] https://datatracker.ietf.org/doc/draft-ietf-appsawg-http-forwarded/ [7] http://lists.w3.org/Archives/Public/ietf-http-wg/2012AprJun/0085.html
- [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Steven Bellovin
- Re: [saag] should we revise rfc 3365? Joe Touch
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Nico Williams
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Stephen Farrell
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Mouse
- Re: [saag] should we revise rfc 3365? Joe Touch
- Re: [saag] should we revise rfc 3365? Nico Williams