Re: [secdir] Secdir review of draft-ietf-quic-tls-48
Lucas Pardue <lucaspardue.24.7@gmail.com> Wed, 02 December 2020 15:56 UTC
Return-Path: <lucaspardue.24.7@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23A393A1462; Wed, 2 Dec 2020 07:56:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rrer663euwzd; Wed, 2 Dec 2020 07:56:50 -0800 (PST)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A31713A134A; Wed, 2 Dec 2020 07:56:49 -0800 (PST)
Received: by mail-ed1-x533.google.com with SMTP id r5so4405346eda.12; Wed, 02 Dec 2020 07:56:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mCsKTvf91JR/3DQ1vsQU35kR2LCSQbuNOzH7J1F4VwY=; b=GucjbGH6La3xKt9Xxz/YQhNnjgnbTkwojFyN2p40AisnMcE/aWboi3Ask37hWm6u2Q njXGZfsqFeOO/YUfq5iZIKN9KdUMmA/uQAP/5EbPSdsQKV0ohK8O6yGjAOfbywg+6FwG 87yf/uN7pYVDPTc0No339H8Mn1EW76n+2w4Au40w38reZ/pf46FUX8PHnxg0CxJkNf/1 qAySdR+FZtQddFY6uy7cK8R5JxQFr7fpU6ZtMZhth268NteQH87B9w2XxnHZ4TCkM/JU 6NV+EBrIKmxvAVRYsE4BRIj96s+2FLQxeGUX2pZiST8aoYwxQfI3WqtQaetNkNVS9NsQ a0Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mCsKTvf91JR/3DQ1vsQU35kR2LCSQbuNOzH7J1F4VwY=; b=BUEIYJ/WJ30lznMRB4eLMUEOdDnou5JfUWVJQTjie4oe3d0TpwGXeNaJkcYeCXlHW1 P/m7c+9c8tYXRClRWvPabPCJo71Kmw2W3DnFuyLDRbES4IouNunRlJLQrxErfrcwmQQC FgWPBZsy/5DLfl+4Xhj4OLDZsVp0Y+ph2i+aES2Ua9SYolfrIlOxX5/DMZYG72yilQ8o HeXkosop4Is2VSQatZIi1G8wQd5Og3fEP+ma/ZQ3pZt8rEMM4QDqoJL3a/+qdves5Q/o QAhVE+Y2k/AjXJ+XtCAJbQ6EKZoFF+a1QdqxzqVjjFjXhcBm0ODgeAJtX67Fmz3m2Gt5 wsEg==
X-Gm-Message-State: AOAM5323rsgH6/iRlwKagwFuyAYtExmBiUn4hx6LQJSZe/HhLSapDYpW lcD68/wbtGhq2dVBMLxkIloy4b7fJ7Epj0gOos4=
X-Google-Smtp-Source: ABdhPJzluVR/dvyJ9dvnuQnvSVsImbaSPAA1l/cnPtjm3+SvT0pR+kBMm96+5QYN+Gv1odqPIt5/MqXC68+CPIGBm+s=
X-Received: by 2002:a50:ccc8:: with SMTP id b8mr561984edj.152.1606924607972; Wed, 02 Dec 2020 07:56:47 -0800 (PST)
MIME-Version: 1.0
References: <CAFOuuo4hcHoDjzCJzyxfU8Oq1cZzBXz9TAmUXuKPUE-PVNzQUQ@mail.gmail.com> <91D914EE-0205-47E4-9A38-3978DD9E18F1@eggert.org>
In-Reply-To: <91D914EE-0205-47E4-9A38-3978DD9E18F1@eggert.org>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Wed, 02 Dec 2020 15:56:36 +0000
Message-ID: <CALGR9obyZ2KEDSUEQqd_j78-DFobQkgYfKzUeJM+Bo_uOBHq_A@mail.gmail.com>
To: Lars Eggert <lars@eggert.org>
Cc: Radia Perlman <radiaperlman@gmail.com>, secdir@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-quic-tls.all@ietf.org, IETF QUIC WG <quic@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
Content-Type: multipart/alternative; boundary="000000000000706ad505b57d4a18"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/6-hmwtWyjkahnV8HtraTQQhis1k>
Subject: Re: [secdir] Secdir review of draft-ietf-quic-tls-48
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 15:56:52 -0000
Hello, As mentioned previously, review comments raised during the secdir tls review were captured as issues on the QUIC WG GitHub repository. These issues have been assessed by the document editor(s) and shepherd, please see each individual issue for more-specific discussion. As a summary, the following resolutions for issues are: Close with no action ==================== https://github.com/quicwg/base-drafts/issues/4323 Kinds regards Lars and Lucas QUIC WG Co-chairs On Mon, Nov 2, 2020 at 7:42 AM Lars Eggert <lars@eggert.org> wrote: > Hi Radia, > > thank you for the review. I've opened a GitHub issue for any discussion > related to this review: https://github.com/quicwg/base-drafts/issues/4323 > > There is also a milestone at > https://github.com/quicwg/base-drafts/milestone/7. > > Thanks, > Lars > > > On 2020-11-1, at 4:40, Radia Perlman <radiaperlman@gmail.com> wrote: > > > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security area > directors. Document editors and WG chairs should treat these comments just > like any other last call comments. > > > > This document specifies the cryptographic exchanges and formats > associated with the QUIC protocol, which in turn is an ambitious protocol > that could over time replace TCP. quic-transport, quic-tls, and > quic-recovery represent a triple of I-Ds that are always used together and > could be combined into a single spec, though the length of the existing > specs is already daunting. In many cases, it is impossible to evaluate them > independently. > > > > As an interested outsider, I see these protocols as exceptionally well > designed and the specs exceptionally well written. I could not find even > any nits in a very long spec. > > > > It is misleading to regard this as a specification of running QUIC over > TLS. It is related to TLS in the same way that DTLS is related to TLS: it > imports much of the syntax, but there are many differences and its security > must be evaluated largely independently. My initial reaction to this spec > was to wonder why it did not simply run QUIC over DTLS . I believe the > answer is that careful integration improves the performance and is > necessary for some of the address agility/transition design. > > > > Given its potential importance, this deserves a thorough review by our > best security people. Fortunately, from the acknowledgements list, it > appears it has gotten that. > > > > There are a few aspects of the design that might raise eyebrows. For > example: > > > > 1) TLS exchanges start out in cleartext until a key can be negotiated. > QUIC data is always encrypted. The initial packets are encrypted with fixed > keys whose derivation is specified in the I-D until fresh keys are > negotiated. This isn't a security problem...it will just surprise people. > > > > 2) Applications using TLS can usually be configured to run over TCP in > contexts where cryptographic protection is not needed. (e.g., use HTTP > instead of HTTPS). Applications using QUIC cannot. That is likely to mean > in practice that it will more frequently be the case that applications > using QUIC will need to connect to servers without certificates signed by a > CA trusted by the client (because that's the substitute when connecting to > a server without a certificate). It's not clear what the spec should say > about that, but perhaps the problem should be acknowledged. > > > > Radia > > > >
- [secdir] Secdir review of draft-ietf-quic-tls-48 Radia Perlman
- Re: [secdir] Secdir review of draft-ietf-quic-tls… Lars Eggert
- Re: [secdir] Secdir review of draft-ietf-quic-tls… Lucas Pardue