IETF Logo Mail Archive

Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 02 September 2015 03:09 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A6741B41C8 for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 20:09:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4TXXbn9vbxOB for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 20:09:28 -0700 (PDT)
Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66BFB1B3D7B for <saag@ietf.org>; Tue, 1 Sep 2015 20:09:27 -0700 (PDT)
Received: by qkdv1 with SMTP id v1so62522039qkd.0 for <saag@ietf.org>; Tue, 01 Sep 2015 20:09:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+j8s4cbSu3AMwJf2UGfOdPgF1uV3GF10H0Kpmn/WGKw=; b=LowVNgVhX3g9V8bp9XNFxQgU37GbNNUxQksBWDdO8qCf8cfaKxAEhX43gFsqVEaZru zLYuy1PENA87+eEv6F3BKixe2QnIeK8usPwbO+djxiLpgYT+dup4cZwdD5tsAMDcHd1y RMdFC/HfeMLQdE4hG1M1Bn4y10xA/NWNAfhGcAE3TTN4hbJmU3FuAvXGpNXlup4GwP51 iXof96gsa8zDCTbfYNC9zEPRypL/NQj+1wfK2r6CcgbfpeJbBCyd8fw0CmTLSXkfRQf/ +yoAgsSg/UKXF0iZq8YnpJQWmE50jIpvwMN7jtmIYAQvb8seRljChibTdcmJHvGGklXj NcRg==
X-Received: by 10.55.24.193 with SMTP id 62mr25386737qky.63.1441163366665; Tue, 01 Sep 2015 20:09:26 -0700 (PDT)
Received: from [192.168.1.3] (209-6-114-252.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com. [209.6.114.252]) by smtp.gmail.com with ESMTPSA id 70sm11982968qhd.40.2015.09.01.20.09.24 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 01 Sep 2015 20:09:24 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <tsl8u8pmzta.fsf@mit.edu>
Date: Tue, 01 Sep 2015 23:09:23 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/zWgyjeOMobps71EpnTVxGioO6Gg>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 03:09:30 -0000


Sent from my iPhone

On Sep 1, 2015, at 8:26 PM, Sam Hartman <hartmans-ietf@mit.edu> wrote:

>>>>>> "Russ" == Russ Housley <housley@vigilsec.com> writes:
> 
>>> I still think that the focus on just the weak(er) algorithms in
>>> OS is unfortunate.  Rather agility and OS work hand-in-hand to
>>> improve communications to the extent possible.  As new algorithms
>>> are deployed, opportunistic peers will autmatically start to use
>>> stronger cryptography.
>>> 
>>> Once new algorithms have largely displaced legacy algorithms, one
>>> can begin considering retirement of algorithms that used to be
>>> required for interoperability.  This process is likely to take
>>> longer for OS protocols/applications because interoperability
>>> carries greater weight when security is not a hard requirement
>>> and the alternative is cleartext.
>>> 
>>> So I'd like to see text that first emphasises the good news (over
>>> time agility improves the security of OS protocols).  Then the
>>> bad news (retirement of legacy crypto takes longer).  And finally
>>> notes that OS is not carte-blanche for weak crypto, new OS
>>> applications need to start with non-deprecated crypto, and legacy
>>> crypto needs to still be retired once no longer needed.
> 
>    Russ> The whole point of the document is to make it easy to migrate
>    Russ> from one algorithm suite to another more desirable one.
>    Russ> However, sometimes we want to keep an algorithm around that
>    Russ> would otherwise have been discarded to achieve opportunistic
>    Russ> security.  You seem to be trying to pull the points from the
>    Russ> rest of the document into this paragraph.
> 
> Russ, like Viktor, when I read the proposed text for section 2.9 I hear
> emphasis on supporting weak crypto for OS.  The text doesn't quite come
> out and say any of the following, but I find myself trying to come up
> with justifications for why I'd prefer weak crypto for OS.  Is it
> faster?  Is it more exportable?  By the time I get to the sentence that
> says stronger is still preferable, I'm so lost that it hardly registers.
> 
> I find the quoted paragraph sounds like it's trying to be more divergent
> with the rest of the document rather than complimentary.
> So, while perhaps literally doing what Viktor proposes and including all
> those points in 2.9 would be redundant, perhaps we can strive for
> something more consistent with his approach.
> 
> What the proposed text says is all consistent, it just reads wrong and
> at least to me and apparently Viktor implies things that I don't think
> we really mean.

I think the proposed text is a lot better than what was there and I think there is consensus around it.  Once you get more specific, then you are moving away from what was agreed upon in the OS draft.  Doing that would require quite a bit more discussion.

The proposed text reads well to me and keeps us more consistent - use of weaker crypto for OS is limited to legacy deployments and is not okay for authenticated and encrypted sessions for OS, just unauthenticated.  If you have a proposal for text that keeps within the space where I think we have consensus, then I'm okay with change otherwise I'm not.  It might take reading through this draft and the OS RFC, once that has been done, this text makes sense... Reading big through the discussion on this over the past week or so may help as well.

Thanks,
Kathleen 

> 
> I'm sorry I can't be more helpful.  I'm not trying to raise anything
> blocking, just hoping to help you better understand the explanation.
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email