Re: [savi] Status of draft-ietf-savi-threat-scope
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 15 June 2011 15:35 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5824911E8158 for <savi@ietfa.amsl.com>; Wed, 15 Jun 2011 08:35:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9MZQeAka432R for <savi@ietfa.amsl.com>; Wed, 15 Jun 2011 08:35:27 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [134.226.32.56]) by ietfa.amsl.com (Postfix) with ESMTP id 4FF4611E814F for <savi@ietf.org>; Wed, 15 Jun 2011 08:35:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 8D021171C20; Wed, 15 Jun 2011 16:34:56 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1308152096; bh=lLxD/YVBPoaCq6 fSsH8jC2Pb+VDEDt1e0/WfLmKfzrQ=; b=iLS5oJcnZYk3vHsWZfEOl7D13HRAaC zOHxKKG7+N2Y5NCh3huJM7YZx9o+6z8bfOzOh5fUARmn+f65O599OEu0Qg/KbyXR PxBUlpD2HQcRXtyGUTjCBuZAMxnDil2vJunj0Qu08l6uYi4w69fRe/HedvSWgXHG TCbqCo/JuZl0tEZOPaiWzdrN9ptVEwLqw1xvHlFX+FBTptGWRaiQg5qhf+OBFaFe rINcaFQI4ZsG711dUIqDuBbZwiZ+cnckO7hUa/BoQYzQUvtXfdZWbFnyuW3RIL/n WGn2zNBfo7PkrEURdB4snwQ/Yz58TAnCisC8X/X341fDZBC6V1x5ZbJw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id gnMtlecZkAuQ; Wed, 15 Jun 2011 16:34:56 +0100 (IST)
Received: from [134.226.36.137] (stephen-samy.dsg.cs.tcd.ie [134.226.36.137]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id E6E14171BFE; Wed, 15 Jun 2011 16:34:53 +0100 (IST)
Message-ID: <4DF8D11D.8000102@cs.tcd.ie>
Date: Wed, 15 Jun 2011 16:34:53 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Jean-Michel Combes <jeanmichel.combes@gmail.com>
References: <20110526184749.21820.68101.idtracker@ietfa.amsl.com> <4DE34147.8070103@piuha.net> <4DE3A604.8080807@joelhalpern.com> <4DE3BDE4.2040909@piuha.net> <BANLkTinwfLDNdovh+_fYm3sX_QiZfE0Qzw@mail.gmail.com> <4DF8A45F.8020702@cs.tcd.ie> <BANLkTinPAyZVyZLs3tV0Z4mC8fomDAG8og@mail.gmail.com> <4DF8C0EE.1050404@cs.tcd.ie> <BANLkTin8=LpMcx22Az7OoQ4MuLi26J53ew@mail.gmail.com>
In-Reply-To: <BANLkTin8=LpMcx22Az7OoQ4MuLi26J53ew@mail.gmail.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: SAVI Mailing List <savi@ietf.org>, draft-ietf-savi-threat-scope@tools.ietf.org
Subject: Re: [savi] Status of draft-ietf-savi-threat-scope
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2011 15:35:28 -0000
On 15/06/11 15:46, Jean-Michel Combes wrote: > Hi again, > > 2011/6/15 Stephen Farrell <stephen.farrell@cs.tcd.ie>: >> >> Hi Jean-Michel, >> >> On 15/06/11 15:11, Jean-Michel Combes wrote: >>> Hi Stephen, >>> >>> I totally agree with you about the fact that deploying different SAVI >>> solutions on a same architecture may have as consequences extra >>> residual threats. >>> That's why, from my point of view, the right place for such an >>> analysis was the MIX SAVI document >>> (http://tools.ietf.org/html/draft-ietf-savi-mix-00). >> >> So if you're saying that that document will eventually contain >> the residual threat analysis for all the others then I'm fine >> with that. Sorry for not spotting it, but I guess I can use >> the missing security considerations section in the -00 as my >> lame excuse:-) > > :) > >> >> If that's the plan I'm happy to clear that part of the discuss. >> > > Yes that's the plan and this is clearly identified in my TODO list for > the review of this document. Grand. I've cleared the two relevant discuss points (2 & 17). I copied that text down to the end of the comments to help keep track as we kill off the other discuss and comment points. Thanks, S. > > Cheers. > > JMC. > >> Cheers, >> S. >> >> >>> >>> Cheers. >>> >>> JMC. >>> >>> 2011/6/15 Stephen Farrell <stephen.farrell@cs.tcd.ie>: >>>> >>>> Hi Jean-Michel, >>>> >>>> On 08/06/11 18:28, Jean-Michel Combes wrote: >>>>> Hi, >>>>> >>>>> At first sorry for the delayed reply. >>>>> >>>>> Please, see my comments inline. >>>>> >>>>> 2011/5/30 Jari Arkko <jari.arkko@piuha.net>: >>>>>> Joel, >>>>>> >>>>>>> As I have said, i am happy to make most of the changes. >>>>>>> However, there are two changes requested by Ralph that change the scope in >>>>>>> a way that I do not feel I (or you) can call for. >>>>>>> I have been awaiting the Chair's review on these two substantive issues: >>>>>>> >>>>>>> 1) The issue of analysis of the effect of SAVI, and what threats remain >>>>>>> after SAVI was requested by Stephen. I pointed out that this is not in >>>>>>> scope for the document, and he said that he wanted it anyway. I punted to >>>>>>> you and the chairs. I believe it would take WG agreement, AD agreement on >>>>>>> scope change, and chair direction, before I can make that change. >>>>>> >>>>>> My opinion is that this document should NOT do that analysis or attempt to >>>>>> find out precisely what residual threats are after some set of SAVI tools >>>>>> have been implemented in a network. I think we touched upon it in the call, >>>>>> but I can talk to Stephen about it. >>>>> >>>>> >>>>> I agree with Jari: >>>>> (1) IMHO, this would be like to put the cart before the horse :) >>>>> (2) to doing such an analysis you need a clear specification of a SAVI >>>>> mechanism which is outside the scope of this document. BTW, during my >>>>> review of FCFS SAVI for the ID Write-Up document, text about residual >>>>> threats was added inside the Security Considerations section. I will >>>>> carefully check that the DHCP SAVI, SEND SAVI and the Mix Scenario >>>>> documents take into account this issue before requesting AD/IESG >>>>> review. >>>> >>>> So my question then is where will I go to find a description of >>>> the residual threat for SAVI generally? Right now, it looks like >>>> there's going to be no place for that. >>>> >>>> The problem I see with that not being available is the following. >>>> >>>> Each SAVI mechanism (FCFS etc.) is going to catch certain forms >>>> of spoofing but inevitably leave others available and as you >>>> say those mechanism-specific residual threats will need to be >>>> documented in each SAVI spec. >>>> >>>> But I think there are dangers inherent in deploying a network >>>> with multiple SAVI mechanisms because of this - the issue being >>>> that an innocent party might be blamed for some action on the >>>> basis that a combination of SAVI mechanisms makes it "impossible" >>>> that the action actually involved spoofing. >>>> >>>> That kind of thing has happened in DRM-related cases so I >>>> think its important that the residual threat when all the various >>>> SAVI mechanisms are defined be properly documented somewhere. >>>> >>>> In addition I would assume that vendors are likely to implement >>>> more than one SAVI mechanism in some of their products, so >>>> customers for those products should also be interested in the >>>> residual threat for combinations of SAVI mechanisms. >>>> >>>> And I think that only the SAVI WG will have the expertise >>>> required to do that. >>>> >>>> Would it make sense to try get someone to write a document >>>> just on that towards the end of the process? (Assuming you >>>> could get a volunteer? I can try see if some security area >>>> type person would be willing to help as well if you like.) >>>> >>>> Cheers, >>>> Stephen. >>>> >>> _______________________________________________ >>> savi mailing list >>> savi@ietf.org >>> https://www.ietf.org/mailman/listinfo/savi >>> >> > _______________________________________________ > savi mailing list > savi@ietf.org > https://www.ietf.org/mailman/listinfo/savi >
- [savi] Status of draft-ietf-savi-threat-scope Jari Arkko
- Re: [savi] Status of draft-ietf-savi-threat-scope Joel M. Halpern
- Re: [savi] Status of draft-ietf-savi-threat-scope Jari Arkko
- Re: [savi] Status of draft-ietf-savi-threat-scope Jean-Michel Combes
- Re: [savi] Status of draft-ietf-savi-threat-scope Jean-Michel Combes
- Re: [savi] Status of draft-ietf-savi-threat-scope Stephen Farrell
- Re: [savi] Status of draft-ietf-savi-threat-scope Jean-Michel Combes
- Re: [savi] Status of draft-ietf-savi-threat-scope Stephen Farrell
- Re: [savi] Status of draft-ietf-savi-threat-scope Jean-Michel Combes
- Re: [savi] Status of draft-ietf-savi-threat-scope Stephen Farrell
- Re: [savi] Status of draft-ietf-savi-threat-scope Stephen Farrell
- Re: [savi] Status of draft-ietf-savi-threat-scope Jean-Michel Combes
- Re: [savi] Status of draft-ietf-savi-threat-scope Stephen Farrell
- Re: [savi] Status of draft-ietf-savi-threat-scope Jean-Michel Combes
- Re: [savi] Status of draft-ietf-savi-threat-scope Stephen Farrell