[saag] draft-richardson-saga-onpath-attacker-02.txt...
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 16 August 2021 19:29 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: saag@ietf.org
Date: Mon, 16 Aug 2021 15:29:02 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/t5a6VD-D-CSAWb4nl6zw0OAg7O8>

IETF Secretariat <ietf-secretariat-reply@ietf.org> wrote:
> Name: draft-richardson-saag-onpath-attacker Title: A taxonomy of
> eavesdropping attacks State: I-D Exists Expires: 2021-08-26 (in 1 week,
> 3 days)

What I heard three weeks ago was:

1) trying to re-TLA MITM is not desired.
2) this is all bikeshed, but maybe it's worth having that discussion once
   here.
3) that there are many many more attacks than just the
   onpath/offpath/in-the-rough.

----

I will revise the document to tend towards active onpath, passive onpath, and
offpath. I will retain the TLA MITM, and explain the historical meaning, but
deprecate it. This is as much for "SEO" benefit as anything.

I think the document should Update RFC4949 via "Extends" (that's in 02)
(and I'll put in Updates Consideration section discussed elsewhere).

To me, the attacks that involve correlating flows and the like are a kind of
second order attack. I would be happy to include text about it, but I'm not
sure what to say. My understanding of this part is that a protocol could
have effective defence against an active onpath attacker for a single flow,
but that there could be some other attack that involves correlating flows.

Pull request to git@github.com:mcr/saag-onpath-attacker.git

On the other hand, I have a lot of things to do, so I'd appreciate being told
if you think this is a waste of time.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide