Re: [Sat] WG Last Call for comments: draft-ietf-satp-architecture-02
Rafael Belchior <rafael.belchior@tecnico.ulisboa.pt> Tue, 12 March 2024 18:56 UTC
Return-Path: <rafael.belchior@tecnico.ulisboa.pt>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06E34C14F5EA for <sat@ietfa.amsl.com>; Tue, 12 Mar 2024 11:56:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.007
X-Spam-Level:
X-Spam-Status: No, score=-7.007 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tecnico.ulisboa.pt
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l9e9DweR7YOI for <sat@ietfa.amsl.com>; Tue, 12 Mar 2024 11:56:50 -0700 (PDT)
Received: from smtp1.tecnico.ulisboa.pt (smtp1.tecnico.ulisboa.pt [IPv6:2001:690:2100:1::15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D87E3C14F5E0 for <sat@ietf.org>; Tue, 12 Mar 2024 11:56:47 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp1.tecnico.ulisboa.pt (Postfix) with ESMTP id 0C1266003007; Tue, 12 Mar 2024 18:56:37 +0000 (WET)
X-Virus-Scanned: by amavis-2.13.0 (20230106) (Debian) at tecnico.ulisboa.pt
Received: from smtp1.tecnico.ulisboa.pt ([127.0.0.1]) by localhost (smtp1.tecnico.ulisboa.pt [127.0.0.1]) (amavis, port 10025) with LMTP id 1mZvfWRVBMeI; Tue, 12 Mar 2024 18:56:34 +0000 (WET)
Received: from mail1.tecnico.ulisboa.pt (mail1.ist.utl.pt [IPv6:2001:690:2100:1::b3dd:b9ac]) by smtp1.tecnico.ulisboa.pt (Postfix) with ESMTPS id 2ED0B6003003; Tue, 12 Mar 2024 18:56:34 +0000 (WET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tecnico.ulisboa.pt; s=mail; t=1710269794; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=XsB4WRjvj0svB3IqLjQ0huv/iESFD+rYj5Ng02t8g5g=; b=i8LmCR4muTFNY03FkkoqWmqp2UnLwJ/ur48FF8OSTUdUEsy8/Nwuvx57goqUF5fVDv4d7z pkxfuYBZiqXZqtK4CMlPp8Aq56ejMWgJ4MFeFBMjjG+LVkm+8hDgC4PX7o9KmAd456zpOO /W5Vx/oQpqbDHVX/zXJtBgO6SBVkv0Q=
Received: from webmail.tecnico.ulisboa.pt (webmail3.tecnico.ulisboa.pt [IPv6:2001:690:2100:1::912f:b135]) (Authenticated sender: ist180970) by mail1.tecnico.ulisboa.pt (Postfix) with ESMTPSA id CDE31360093; Tue, 12 Mar 2024 18:56:33 +0000 (WET)
Received: from 2a02:2f05:f000:f000:4c4a:bb32:7d73:33b4 via vs1.ist.utl.pt ([2001:690:2100:1::33]) by webmail.tecnico.ulisboa.pt with HTTP (HTTP/1.1 POST); Tue, 12 Mar 2024 18:56:33 +0000
MIME-Version: 1.0
Date: Tue, 12 Mar 2024 20:56:33 +0200
From: Rafael Belchior <rafael.belchior@tecnico.ulisboa.pt>
To: Thomas Hardjono <hardjono@mit.edu>
Cc: VENKATRAMAN RAMAKRISHNA <vramakr2@in.ibm.com>, ladler2@bellatlantic.net, sat@ietf.org
In-Reply-To: <DM6PR01MB439526AD9219E9F0D2806936CB2B2@DM6PR01MB4395.prod.exchangelabs.com>
References: <yblbk7nh517.fsf@wx.hardakers.net> <017d01da7498$6c7d8f70$4578ae50$@bellatlantic.net> <SJ0PR15MB513247E0DC4DBCC3EA3AB0DAB82B2@SJ0PR15MB5132.namprd15.prod.outlook.com> <DM6PR01MB439526AD9219E9F0D2806936CB2B2@DM6PR01MB4395.prod.exchangelabs.com>
User-Agent: Roundcube Webmail
Message-ID: <68d529a7309f69bc05969e8a4878f003@tecnico.ulisboa.pt>
X-Sender: rafael.belchior@tecnico.ulisboa.pt
Content-Type: multipart/alternative; boundary="=_13f1c53bcc24d57e967719097c7ea7ce"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/gbRnlNc1KVNFczCBW6AY9gyyXUM>
Subject: Re: [Sat] WG Last Call for comments: draft-ietf-satp-architecture-02
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2024 18:56:55 -0000
Hey folks, To add some context, we thought about quite a few of these considerations in our papers on SATP: -https://www.techrxiv.org/articles/preprint/CBDC_bridging_between_Hyperledger_Fabric_and_permissioned_EVM-based_blockchains/21809430 -https://www.sciencedirect.com/science/article/abs/pii/S0167739X21004337 We did not add those to the specification for the reasons that Thomas mentioned. That said, this discussion could be a good fit for the appendix. Perhaps the architecture document would be better suited since the security model extends to crash recovery. Rafael A 2024-03-12 20:42, Thomas Hardjono escreveu: > Thanks David and Rama, > > One useful analogy at the protocol level is to compare the > function/purpose of the SATP protocol with the function/purpose TLS1.2 > protocol (RFC5246). > > The TLS1.2 spec defines the behavior of the client/server to establish > keys amd secure session etc., but the RFC does not say __how__ to > implement a TLS Server. The server could be a standalone box, a > microservice in a private cloud, or on a public cloud. In each of > these cases, the actual implementation quality and attack-resistance > will vary. > > Similarly, the SATP-Architecture and SATP-Core defines the behavior of > gateways (which we call Client/Server in SATP-Core). It does not say > how to implement a Gateway in a relatively attack-resistant manner. > > A useful part of RFC5246 is its Appendix F (Security Analysis), which > discusses some of the possible attacks and some strategies to counter > them. Even there, the Appendix does not explain how to implement > against these attacks. > > Perhaps SATP-Architecture (or SATP-Core) could be improved by adding an > Appendix discussing the Security Threats. > > What do folks think? > > Best > > --thomas > > From: sat <sat-bounces@ietf.org> on behalf of VENKATRAMAN RAMAKRISHNA > <vramakr2@in.ibm.com> > Date: Tuesday, March 12, 2024 at 1:33 PM > To: ladler2@bellatlantic.net <ladler2@bellatlantic.net>, sat@ietf.org > <sat@ietf.org> > Subject: Re: [Sat] WG Last Call for comments: > draft-ietf-satp-architecture-02 > > David, > > In my opinion, SATP doesn't require "everybody" to be honest, but just > requires that each counterparty network be "collectively honest", i.e., > maintain internal consistency and have the capacity to thwart insider > Byzantine failures. > > Further, if a gateway acts dishonestly, "honest" counterparty networks > will be able to find out through an audit (which is not as satisfactory > as a prevention, but it may be the best we can get in a completely > decentralized setting.) > > Your point about SATP coming under intense threat (and scrutiny, if it > handles large-valued assets) is very well taken though. We do need to > make the security assumptions and caveats crystal clear. IMO the design > principle of network opacity as mentioned in Section 3.1 covers the > point about collective network honesty as it tells users that, from > SATP's perspective, the network is a unitary entity that has delegated > asset transfer privileges to a gateway. > > Rama > > -----Original Message----- > From: sat <sat-bounces@ietf.org> On Behalf Of ladler2@bellatlantic.net > Sent: Tuesday, March 12, 2024 9:45 PM > To: sat@ietf.org > Subject: [EXTERNAL] Re: [Sat] WG Last Call for comments: > draft-ietf-satp-architecture-02 > > Hi: > I have a problem with the architecture document because it contains > only small sections related to security. > The SAT process will come under intense threat from external theft and > internal fraud. > The architecture document focuses on a clean asset exchange where > everyone is honest and uses well tested software. > > I am not an expert on blockchain or related technologies so the experts > in the WG should add to the architecture document the features > necessary to deal with the threats. > > Question: Do we want to revisit the architecture document when the > threats to the SAT process are enumerated? > > David Millman > > -----Original Message----- > From: sat <sat-bounces@ietf.org> On Behalf Of Wes Hardaker > Sent: Saturday, March 9, 2024 9:08 AM > To: sat@ietf.org > Subject: [Sat] WG Last Call for comments: > draft-ietf-satp-architecture-02 > > Greetings all, > > The authors have requested that draft-ietf-satp-architecture-02 be > placed into WG last call and after a review by the chairs we agree it's > ready to progress forward. I have some personal comments that I'll > submit during last call, but nothing substantive or process-problematic > that should hold up it progressing. Thus, we have changed the > document's status to being in WG LC and have set a deadline of 4 weeks > from now. Thus, WG LC will end on April 6th, AOE (anywhere on earth). > > We encourage all participants of the WG to read the document, suggest > any changes you feel are needed from simple editorial suggestions to > calling out major issues you find with the document. WG participants > should also express their opinions about whether or not the document is > ready to progress and you support it's publication. > > All comments should be sent to the mailing list. > > -- > Wes Hardaker > USC/ISI > > -- > sat mailing list > sat@ietf.org > https://www.ietf.org/mailman/listinfo/sat > > -- > sat mailing list > sat@ietf.org > https://www.ietf.org/mailman/listinfo/sat > > -- > sat mailing list > sat@ietf.org > https://www.ietf.org/mailman/listinfo/sat -- -- Rafael Belchior Ph.D. student in Computer Science and Engineering, Blockchain - Técnico Lisboa https://rafaelapb.github.io/ https://www.linkedin.com/in/rafaelpbelchior/
- [Sat] WG Last Call for comments: draft-ietf-satp-… Wes Hardaker
- Re: [Sat] WG Last Call for comments: draft-ietf-s… ladler2
- Re: [Sat] WG Last Call for comments: draft-ietf-s… VENKATRAMAN RAMAKRISHNA
- Re: [Sat] WG Last Call for comments: draft-ietf-s… Thomas Hardjono
- Re: [Sat] WG Last Call for comments: draft-ietf-s… Rafael Belchior
- Re: [Sat] WG Last Call for comments: draft-ietf-s… VENKATRAMAN RAMAKRISHNA
- Re: [Sat] WG Last Call for comments: draft-ietf-s… Thomas Hardjono
- Re: [Sat] WG Last Call for comments: draft-ietf-s… ladler2
- Re: [Sat] WG Last Call for comments: draft-ietf-s… Thomas Hardjono
- Re: [Sat] WG Last Call for comments: draft-ietf-s… VENKATRAMAN RAMAKRISHNA
- Re: [Sat] WG Last Call for comments: draft-ietf-s… Thomas Hardjono
- Re: [Sat] WG Last Call for comments: draft-ietf-s… Martin Gfeller