IETF Logo Mail Archive

Re: [saag] Additions to RFC 3631?

Steve Crocker <steve@shinkuro.com> Mon, 21 May 2012 14:11 UTC

Return-Path: <steve@shinkuro.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2919821F859A for <saag@ietfa.amsl.com>; Mon, 21 May 2012 07:11:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.47
X-Spam-Level:
X-Spam-Status: No, score=-1.47 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DSL=1.129]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RR+zs4qcDB97 for <saag@ietfa.amsl.com>; Mon, 21 May 2012 07:11:44 -0700 (PDT)
Received: from execdsl.com (remote.shinkuro.com [50.56.68.178]) by ietfa.amsl.com (Postfix) with ESMTP id 5DD2B21F854B for <saag@ietf.org>; Mon, 21 May 2012 07:11:44 -0700 (PDT)
Received: from [64.61.115.26] (account steve@shinkuro.com HELO [172.17.159.186]) by execdsl.com (CommuniGate Pro SMTP 5.1.16) with ESMTPSA id 20547602; Mon, 21 May 2012 14:13:15 +0000
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Steve Crocker <steve@shinkuro.com>
In-Reply-To: <D54BB652-9B1D-4A19-8F8F-AF288E4ADE24@cs.columbia.edu>
Date: Mon, 21 May 2012 10:11:41 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <1FD05DC1-A041-40B3-96B0-8C5EE944A108@shinkuro.com>
References: <300A2E9F-E99B-46FA-A101-E3611BD0D197@cs.columbia.edu> <877gw69h81.fsf@latte.josefsson.org> <4FB9ECA4.3010904@gmail.com> <D54BB652-9B1D-4A19-8F8F-AF288E4ADE24@cs.columbia.edu>
To: IETF Security Area Advisory Group <saag@ietf.org>
X-Mailer: Apple Mail (2.1084)
X-Mailman-Approved-At: Tue, 29 May 2012 09:46:00 -0700
Cc: Steve Crocker <steve@shinkuro.com>
Subject: Re: [saag] Additions to RFC 3631?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2012 14:11:48 -0000

I've been lurking and only following loosely, so I apologize in advance if the following is off the mark.

I was pleased to see mention of RFC 4086 on proper implementation of random number generation -- I am proud to be one of the co-authors -- but I thought the issue at hand is transition of crypto algorithms when current algorithms become obsolete.  This is a problem that occurs in all protocols that use crypto algorithms, and in my opinion we have underplayed this in our designs.  Every protocol that uses crypto should be designed with transition mechanisms built in -- and tested! -- on the assumption the protocol will outlive the current set of crypto algorithms.

Whether we adopt a generic way of doing this across protocols or a specific way for each protocol is a matter of discussion.  If we can't come up with a way to do it in a uniform way, then it's ok with me to have a separate way for each protocol.  In any case, I think it's important -- no, that's not strong enough -- essential to have a way of transitioning from current algorithms to future algorithms without disrupting service.  These transitions will usually take a fairly long time, five to ten years I think, so the process can be somewhat relaxed.  Relaxed does not mean undefined or vacuous.

Steve

On May 21, 2012, at 10:01 AM, Steven Bellovin wrote:

> As noted by others, RFC 4086 covers that.  It may also need improving; I haven't reread it recently.  However, even a pointer to it is out of place in 3631bis.  3631 is about protocol mechanisms; 4086 is about implementations.  Mouse Mouse's suggestions are more in the domain of 3365, which is security design philosophy.  3631 says "if you want to put security into a protocol, here are the best choices we have today".  My question is whether or not that list should be changed.
> 
> On May 21, 2012, at 3:20 04AM, Yaron Sheffer wrote:
> 
>> And a short section on crypto-grade random number generation. I would be glad to contribute it.
>> 
>> 	Yaron
>> 
>> On 05/21/2012 09:32 AM, Simon Josefsson wrote:
>>> Steven Bellovin<smb@cs.columbia.edu>  writes:
>>> 
>>>> Does anyone have any suggestions for additions or corrections to RFC 3631?
>>>> It looks to me like it's held up pretty well, save for newer versions of
>>>> some of the protocols.
>>> 
>>> I think channel bindings ought to be discussed, as a simple way to bind
>>> different layers together to avoid certain attacks.  It could be
>>> discussed in the SASL or GSS-API section.  Further, I think EAP as a
>>> protocol should be included in the list of standard security mechanisms.
>>> 
>>> /Simon
>>> _______________________________________________
>>> saag mailing list
>>> saag@ietf.org
>>> https://www.ietf.org/mailman/listinfo/saag
>> 
> 
> 
> 		--Steve Bellovin, https://www.cs.columbia.edu/~smb
> 
> 
> 
> 
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email