Re: [secdir] Secdir review of draft-murchison-nntp-compress-05
Barry Leiba <barryleiba@computer.org> Wed, 21 September 2016 16:11 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC6C012B569; Wed, 21 Sep 2016 09:11:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P7Trvy1paJoV; Wed, 21 Sep 2016 09:11:36 -0700 (PDT)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E53512B566; Wed, 21 Sep 2016 09:11:36 -0700 (PDT)
Received: by mail-qk0-x22a.google.com with SMTP id z190so50285310qkc.3; Wed, 21 Sep 2016 09:11:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=AqUlFsDumT8/0fSM+tUIwg0CbwxTB0RiJ++3PzJa9f8=; b=yZNji6BeiQeuwYsAf+EINnrRyXCEYTmRgbrjER0Uox9XXvf/J2BWa/1c77w2Gd5KAt EpdtHzqWXduQ2M6N5jN2mjSt+QICxHmkIJuKDmkS7i56tOOYCxWEWejSJ79/HzyjEwEZ opkOZHjrdDFfjWu08VxTicncijubsHJ68OS5b8crV9VCzsnX9aV17zyi5RJ7312a/Tj5 PorWIWVaJknKzs8LlcYk/Mn2tb4f9LjeQtzHHL6+fIZUtJtMSupwMze5pHS/NTzusdfW gRZXodBOJmKkO5OtVbnAYrp8SHHMxcI89PxmYnch7Efrajc6zV/fXWSNHLcFByog6J22 TU6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=AqUlFsDumT8/0fSM+tUIwg0CbwxTB0RiJ++3PzJa9f8=; b=dSfk6ybI2qtWcEr0HPDnc+1FYaZyhqQrBTqoLNL1n6qsx0Dn57+ZR3sX7BXIIBJB7x yg2fAnGH2nSBv8zuDyUT0pSOxUworwJSA59eDhLxHHlFOdNgeS7vC68k9FxL2o+5+JlR gQ+eqLbj/hr5mE81gSeo0F4kNdAy2OWcknXOQ96U4SZLhFbfxLSl9WYnHDs5fn3RT7bO A+rgGhebn+XsM1kzUQjJWd+TZL7A4MqOcq1ZYgSn28XEtAXLAjMKU4PphFwLgb4g9exs E/AN/mtmQfA9FjSuF6EmM1jCFP8JVxybezposMEZReaS+QryNau4ZJgdHumRlTCkv8oR EfWQ==
X-Gm-Message-State: AE9vXwMam+PJbSEn6PzFx1iheWrbJHln8JTrtBiDaR2rNMNndFotPoAF4mJzoZqHbBzN/aeTQBxWZOyQydmKig==
X-Received: by 10.55.101.16 with SMTP id z16mr40121189qkb.276.1474474295176; Wed, 21 Sep 2016 09:11:35 -0700 (PDT)
MIME-Version: 1.0
Sender: barryleiba@gmail.com
Received: by 10.140.39.52 with HTTP; Wed, 21 Sep 2016 09:11:34 -0700 (PDT)
In-Reply-To: <20981db3190142193043f1445abadaa3@trigofacile.com>
References: <CALaySJ+mJdorTkygsZ==Bja+0ZmavTkq2kC33QJ67LeM34K=Ng@mail.gmail.com> <20981db3190142193043f1445abadaa3@trigofacile.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 21 Sep 2016 17:11:34 +0100
X-Google-Sender-Auth: Wvp2k4HEnHClUlaif8uSJPZU5QA
Message-ID: <CALaySJKP3AEgb7=rRz=T0R4vKWOHE6AAHeg-k-h28KrtjXP64A@mail.gmail.com>
To: Julien ÉLIE <julien@trigofacile.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3cpMQ02jS-DPGGkAgN-yBIUrmxc>
Cc: draft-murchison-nntp-compress.all@ietf.org, IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-murchison-nntp-compress-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2016 16:11:43 -0000
Hi, Julien, and thanks for the thorough response. Further response only on the items where response is needed: > Maybe you would prefer for our document: > > Consequently, a server MAY list the AUTHINFO capability with > no arguments, or not advertise it at all, in response to a CAPABILITIES > command received from an unauthenticated client after a compression > layer is active > > This way, we would no longer use SHOULD, but MUST and one MAY. It's a small point, but I don't like "MAY" to introduce two alternatives, because it's not clear whether there might be other alternatives as well... or not. How does it work for you to make it "MUST" instead of "MAY", saying, therefore, that the server MUST either list AUTHINFO with no arguments or not advertise it at all? Then it's clear that there are two alternatives, and either is OK. No? >> When compression is active and either the client or the server >> receives invalid or corrupted compressed data, the receiving end >> SHOULD immediately close the connection. (Then the sending end will >> in turn do the same.) >> >> Same question. > > We used SHOULD because RFC 4642 uses SHOULD in a in Section 2.2.2: OK. > I therefore also suggest to keep SHOULD here. > Do you believe we should switch to MUST anyway? (Wouldn't it be a > too strong constraint?) Well (and we're now down to nit level, so do as you think best here), as I see it, it's not a question of level of constraint -- if it were, you could say it without 2119 key words, as "the receiving end immediately closes the connection, in response to which the sending end will do the same." (Now that I think about it more, I think that's the best answer, but if you disagree that's fine.) The (very, very small) problem I have with "SHOULD" here is that "SHOULD" means that you really need to do it unless you have a good reason not to and have considered the consequences of not doing it. Along that line, what does it really mean for me *not* to close the connection when I've received bogus compressed data? > Wording suggested for our document: > > This document defines the following new response code. It is not > multi-line and has no arguments. > > Response code 206 > Generated by: COMPRESS > Meaning: compression layer activated Parfait; merci. > Je ne suis effectivement ni Shakespeare ni Molière :) He-he... >> In case confidential articles are accessed in private >> newsgroups, special care is needed: implementations SHOULD NOT >> compress confidential data together with public data when a security >> layer is active, for the same reasons as mentioned above in this >> Section. >> >> Sorry: it is not clear to me what reasons those are; can you be >> specific here? And why SHOULD, and not MUST? > > ... because the reasons above do not strictly apply to that case. > > Suggestion: > > In case confidential articles are accessed in private > newsgroups, special care is needed: implementations SHOULD NOT > compress confidential data together with public data when a security > layer is active. As a matter of fact, adversaries that observe > the length of the compressed data might be able to derive > information about it, when public data (that adversaries know is > read) and confidential data are compressed in the same compress session. That sounds great; thanks. > I suggested SHOULD because I thought MUST was too strong. > It would imply that clients and servers have a way to specify > the confidentialness of newsgroups. It currently does not exist, > and I doubt a user would maintain it in its news client. Yes, that makes sense. >> Additionally, implementations MAY ensure that the contents of two >> distinct confidential articles are not compressed together. >> >> Of course they MAY, but what's the point of saying that. I think >> you'd be much better off skipping the 2119 key word here, and instead >> say something about why it might be good to do this: what's the >> advantage? Something like, "Additionally, implementations would do >> well to ensure that the contents of two distinct confidential articles >> are not compressed together, because [of this advantage]." > > We had in mind the following scenario: > > "[...], because adversaries might be able to derive information about > confidential articles as they may have identical header fields (like > Subject, Newsgroups or From) or header fields whose contents may be > predictable (like Xref or Injection-Info)." > > Maybe "predictable" is not the right word. > "have a structured pattern"? "are formatted in a known syntax?" > > Examples: > Injection-Info: news.trigofacile.com; posting-account="eliej"; > posting-host="news.trigofacile.com:2001:41d0:1:6d44::1"; > logging-data="29828"; mail-complaints-to="abuse@trigofacile.com" > Xref: news.trigofacile.com trigofacile.test:566 > > Do you have a preferred wording for that paragraph? > (Should a reference to RFC 5536 be also mentioned? Like "These header > fields are described in [RFC5536].") As I say, maybe just drop the key word and say it without capitals. If it's not easy to explain or determine, maybe just say that it's good to do it if you can: NEW Additionally, it is preferable not to compress the contents of two distinct confidential articles together if it can be avoided. END But, again, it's a small point that probably doesn't need further discussion. > In the registry, it is indeed best to use upper case. I can mention it. > > Just to be certain of the meaning of your remark: the algorithm name > in the NNTP command is not required to be upper case. > > algorithm = "DEFLATE" / 1*20alg-char > alg-char = UPPER / DIGIT / "-" / "_" > > ABNF syntax is not case-sensitive, so "COmprESs dEFlaTe" is a valid > NNTP command, that has the same effect as "COMPRESS DEFLATE". Actually, that's an ABNF error that I missed: "DEFLATE" doesn't have to be in upper case, but any *other* algorithm does (because "alg-char" can only contain UPPER, not ALPHA or LOWER). To fix that, I suggest using this: algorithm = %s"DEFLATE" / 1*20alg-char ...and adding a normative reference to RFC 7405... that forces DEFLATE to be upper case. Unless, of course, you really want to allow case-insensitivity here. If that's so, you'll need to change the definition of alg-char to use ALPHA, and you'll need to tell IANA that all values should be converted to upper case when they're registered (so that we won't wind up with "FLOOB" and "floob" both being registered). >> Oy. This really sounds convoluted to me, and the "MAY, but SHOULD >> NOT" is a direct contradiction. > > Just saying that an implementation has the possibility to do that (MAY) > but is not encouraged to (SHOULD NOT). But that's not what it says: "MAY" doesn't mean it's possible; it means that the choice is entirely an option. So what that's really saying is that it's perfectly OK to do either, at your option... and then making a fairly strong restriction against one of the options. I think that's poorly specified and can be confusing. Considering what you say in your response after that, let me suggest an alternative: NEW If the server advertises a registered NNTP compression algorithm, it MUST implement the compression algorithm so as to fully conform with its related specification. If it does not implement the compression algorithm as specified, the implementation is considered a private algorithm and MUST NOT be listed with the registered name in the arguments list of the COMPRESS capability label. Private algorithms with unregistered names are allowed, but SHOULD NOT be used because it is difficult to achieve interoperability with them. END How's that? >> A server MUST NOT send different response codes to COMPRESS in >> response to the availability or use of a private compression >> algorithm. >> >> I don't understand what this is saying at all. Different from what? >> Can you clarify this? > > Suggestion: > > The 206, 403, and 502 response codes a news server answers > to COMPRESS using a private compression algorithm MUST have the > same meaning as the one documented in Section 2.2 of this document. Ah, yes, very clear now. Thanks. > Thanks again for your valuable comments to help improve the quality > of the document. You're welcome; I'm glad they've been helpful. Barry
- [secdir] Secdir review of draft-murchison-nntp-co… Barry Leiba
- Re: [secdir] Secdir review of draft-murchison-nnt… Julien ÉLIE
- Re: [secdir] Secdir review of draft-murchison-nnt… Barry Leiba
- Re: [secdir] Secdir review of draft-murchison-nnt… Julien ÉLIE
- Re: [secdir] Secdir review of draft-murchison-nnt… Julien ÉLIE
- Re: [secdir] Secdir review of draft-murchison-nnt… Barry Leiba
- Re: [secdir] Secdir review of draft-murchison-nnt… Julien ÉLIE
- Re: [secdir] Secdir review of draft-murchison-nnt… Julien ÉLIE
- Re: [secdir] Secdir review of draft-murchison-nnt… Julien ÉLIE
- Re: [secdir] Secdir review of draft-murchison-nnt… Ken Murchison
- Re: [secdir] Secdir review of draft-murchison-nnt… Michael Bäuerle
- Re: [secdir] Secdir review of draft-murchison-nnt… Alexey Melnikov
- Re: [secdir] Secdir review of draft-murchison-nnt… Julien ÉLIE