Re: [saag] Would love some feedback on Opportunistic Wireless Encryption

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 26 August 2015 17:01 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C0BA1B2E08 for <saag@ietfa.amsl.com>; Wed, 26 Aug 2015 10:01:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wl3xMspxEQrk for <saag@ietfa.amsl.com>; Wed, 26 Aug 2015 10:01:39 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 883191B2DE6 for <saag@ietf.org>; Wed, 26 Aug 2015 10:01:39 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id A4643284D26; Wed, 26 Aug 2015 17:01:38 +0000 (UTC)
Date: Wed, 26 Aug 2015 17:01:38 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150826170138.GB9021@mournblade.imrryr.org>
References: <CAHw9_iKt39m+tCHYxN4VuVFkJf65Go_V2x0udOtEn32ke+nrkQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAHw9_iKt39m+tCHYxN4VuVFkJf65Go_V2x0udOtEn32ke+nrkQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/kKjxo-_INBk4GDN_mgCUb_w3LDQ>
Subject: Re: [saag] Would love some feedback on Opportunistic Wireless Encryption
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2015 17:01:41 -0000

On Wed, Aug 26, 2015 at 10:53:07AM -0400, Warren Kumari wrote:

> I'm not sure that SAAG is the right place for it, but I couldn't think
> of anywhere better.
> 
> https://tools.ietf.org/html/draft-wkumari-owe-01

I'm concerned that the proposal still leaves even purely passive
adversaries able to decrypt all traffic that begin during the
passive traffic collection interval.  This is considerably weaker
than many other opportunistic security protocols.  With no protection
against a passive adversary who started monitoring before the victim
joins the network, is this still worth doing?

-- 
	Viktor.