Re: [saag] OS features/requirements analysis
Stephen Kent <kent@bbn.com> Tue, 15 April 2014 14:12 UTC
Return-Path: <kent@bbn.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FCCD1A01D4 for <saag@ietfa.amsl.com>; Tue, 15 Apr 2014 07:12:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.173
X-Spam-Level:
X-Spam-Status: No, score=-1.173 tagged_above=-999 required=5 tests=[BAYES_50=0.8, J_CHICKENPOX_44=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jFWSHt7bQ1eB for <saag@ietfa.amsl.com>; Tue, 15 Apr 2014 07:12:46 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id F23651A01F4 for <saag@ietf.org>; Tue, 15 Apr 2014 07:12:45 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:58488 helo=comsec.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1Wa46M-0000Aw-Pw for saag@ietf.org; Tue, 15 Apr 2014 10:12:42 -0400
Message-ID: <534D3E5A.4090608@bbn.com>
Date: Tue, 15 Apr 2014 10:12:42 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: saag@ietf.org
References: <534C34DB.8020604@bbn.com> <20140414193648.GK18879@mournblade.imrryr.org>
In-Reply-To: <20140414193648.GK18879@mournblade.imrryr.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/saag/s6_ksTp9YMRaTXi4TAPL1T8XD4Q
Subject: Re: [saag] OS features/requirements analysis
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 14:12:48 -0000
Viktor, On 4/14/14 3:36 PM, Viktor Dukhovni wrote: > ... > My take is that we need a more precise definition of "mandatory". > > - Mandatory to implement? > - Mandatory to prefer? > - Mandatory to use (negotiate)? Good question in the current environment. I'm old school IETF, so mandatory means mandatory to implement. Preferences and decisions to use are local matters. > At least with PFS, one might reasonably argue for the first two, > but requiring PFS use seems rather contrary to the "opportunistic" > mind-set of doing the best you can. If the peer only offers RSA > key transport, then that's what you go with. The peer's configuration > is then not marketable as fully "OS" enabled. > >> 3. Opportunistic security SHOULD (?) make use of key agreement (vs. key >> transport) and employ perfect forward secrecy (PFS). > Here, I would strongly suggest that being "opportunistic" the SHOULD > only covers "implementation" and "preference" for PFS, but does > not imply any mandate to use PFS (or else refuse to encrypt? Really???). Again, implementation. >> 5.Detection of a man-in-the-middle (MiTM) attacks is a desired, but not >> mandatory, feature. >> >> Rationale: If crypto-based authentication is successful, it provides >> detection of a MiTM attack (subject to the veracity of the credentials >> employed.) However, even if such authentication cannot be achieved, it may >> still be possible to detect a MiTM.MiTM detection is considered a lower >> priority than authentication, and is to be pursued only if the former >> security service is not available (or fails). Again, if a MiTM is detected, >> this event is NOT signaled to the user/application. > The above is a bit too restrictive for "opportunistic DANE TLS", > where one strives for downgrade resistance when possible, and may > well signal authentication failure to the user/application. Of > course the application needs to elect this mode of operation > (opportunistic with DANE). I think this needs to be discussed in a general context, not just for the cited example. A lot of folks seemed to feel strongly that the success or failure of opportunistic security ought bot be made visible to users/apps. Maybe they were thinking more about users than apps, and thus this feature should be tempered with that in mind. There was also a brief discussion of whether a server should be notified when a failure (authentication or MiTM detection) occurs, vs. silent acceptance on behalf of a client. Steve
- Re: [saag] OS features/requirements analysis Viktor Dukhovni
- [saag] OS features/requirements analysis Stephen Kent
- Re: [saag] OS features/requirements analysis Viktor Dukhovni
- Re: [saag] OS features/requirements analysis Stephen Kent
- Re: [saag] OS features/requirements analysis Viktor Dukhovni
- Re: [saag] OS features/requirements analysis Stephen Farrell
- Re: [saag] OS features/requirements analysis Stephen Kent
- Re: [saag] OS features/requirements analysis Viktor Dukhovni
- Re: [saag] OS features/requirements analysis Stephen Kent
- Re: [saag] OS features/requirements analysis Viktor Dukhovni
- Re: [saag] OS features/requirements analysis Stephen Farrell
- Re: [saag] OS features/requirements analysis Stephen Farrell