Re: [secdir] SecDir review of draft-ietf-calsify-2446bis-09

Eliot Lear <lear@cisco.com> Mon, 21 September 2009 10:52 UTC

Message-ID: <4AB75B23.60409@cisco.com>
Date: Mon, 21 Sep 2009 12:53:23 +0200
From: Eliot Lear <lear@cisco.com>
To: Yaron Sheffer <yaronf@checkpoint.com>
Cc: "draft-ietf-calsify-2446bis.all@tools.ietf.org" <draft-ietf-calsify-2446bis.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@ietf.org>

Yaron,

Thank you for taking the time to review draft-ietf-calsify-2446bis-09. 
Cyrus should respond in due course to these comments.  I will note two
things:

1.  iTIP is meant to be implemented on top of a transport, such as mail
or some other means (perhaps carrier pigeon or swallow, or other more
sophisticated DTN).  We cannot assume at this layer that there is an
interactive bidirectional negotiating path.  As such the solution space
here is quite limited.  We would value your additional thoughts on this
subject.

2.  We should separate – even in rfc2447bis – encryption and
authentication.  Since RFC-2447 was released the world HAS changed, and
we should consider new approaches and mitigations to email
authentication, such as DKIM.

Warmest regards,

Eliot

On 9/21/09 8:02 AM, Yaron Sheffer wrote:
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
>  
>
> This document is a refresh of the 1998 iTip, an abstract transport
> protocol for iCalendar objects. This protocol is then instantiated for
> specific transports, e.g. RFC 2447, iMip (mail transport).
>
>  
>
> General
>
>  
>
> The original RFC 2446 security considerations seem extensive enough,
> and the proposed mitigations are reasonable. I believe the changes in
> -bis do not require additional work in this area (but see below).
>
>  
>
> Reality Check
>
>  
>
> If basing the entire security of the protocol on S/MIME may have been
> reasonable in 1998, today this is almost meaningless. S/MIME is too
> rarely used to protect mail in transit, and I would imagine its use to
> protect calendaring is even less prevalent.
>
>  
>
> Security
>
>  
>
> - In Sec. 6.2, replace “encrypted” by “encrypted and authenticated”.
>
> - An attack that is never mentioned is unauthorized creation of
> events. In many enterprise situations not everyone is authorized to
> invite the CEO, for example. Similarly, there may be tight control
> over who is allowed to delegate to whom. This obviously calls for an
> access control mechanism, something that is never mentioned in the
> document.
>
>  
>
> Nits
>
>  
>
> - 1.4: in table, objecy -> object
>
> - 3.2.5 and 3.4.5: is MUST -> MUST
>
>
>
> Email secured by Check Point
>
>