Re: [secdir] Secdir review of draft-ietf-ecrit-additional-data

Randall Gellens <randy@qti.qualcomm.com> Wed, 16 September 2015 18:25 UTC

Return-Path: <randy@qti.qualcomm.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E8A21A8AF5 for <secdir@ietfa.amsl.com>; Wed, 16 Sep 2015 11:25:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.711
X-Spam-Level:
X-Spam-Status: No, score=-6.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x9M6wOAxPhrX for <secdir@ietfa.amsl.com>; Wed, 16 Sep 2015 11:25:43 -0700 (PDT)
Received: from sabertooth02.qualcomm.com (sabertooth02.qualcomm.com [65.197.215.38]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C7AB1A8AB2 for <secdir@ietf.org>; Wed, 16 Sep 2015 11:25:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1442427943; x=1473963943; h=message-id:in-reply-to:references:date:to:from:subject: cc:mime-version:content-transfer-encoding; bh=TiouLSSqjy1DmCbzJTYZdGcpoWmnIIvzh9L0RIsTArw=; b=GaKFXPIHYdDSY5p1Kysg4Jfo1kkAEpHfG4tp9COriQCVIUGIupjCGi1e EwEr4B1a56BY1tzzXIH2HJ/bsARK3jNK32rWrPPxd1og9HBEwC4wR5GfX ZniUnOiAGBiAuiAP2ygAyW07VIbxfE0wWGUM01SJZdKB/9MMKzQTLbOUI 8=;
X-IronPort-AV: E=McAfee;i="5700,7163,7926"; a="97981420"
Received: from ironmsg02-lv.qualcomm.com ([10.47.202.183]) by sabertooth02.qualcomm.com with ESMTP; 16 Sep 2015 11:25:42 -0700
X-IronPort-AV: E=Sophos;i="5.17,540,1437462000"; d="scan'208";a="33681572"
Received: from nasanexm02f.na.qualcomm.com ([10.85.0.87]) by ironmsg02-lv.qualcomm.com with ESMTP/TLS/RC4-SHA; 16 Sep 2015 11:25:41 -0700
Received: from [99.111.97.136] (10.80.80.8) by nasanexm02f.na.qualcomm.com (10.85.0.87) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Wed, 16 Sep 2015 11:25:40 -0700
Message-ID: <p0624061ad21f64144d1f@[99.111.97.136]>
In-Reply-To: <CADajj4Yk5RAvour880Ekor60aSRWUU+k6hWOt5HkEo7CYrNnOg@mail.gmail.com>
References: <CADajj4bzDNqCzaJSjviVZm1nk8CrbUopzj0PrNNOUcK9SNG1ZA@mail.gmail.com> <p06240610d21e68de6c17@99.111.97.136> <CADajj4a+uJi3h1qjQ9xgGup_2teQc9hgfRyWDwwKvQS5aUJDOg@mail.gmail.com> <p06240612d21e7dc050f6@99.111.97.136> <CADajj4ZGx-8vFrZXd_CQcuG3GJWYDJoFTBQ+do-duicgadkEYw@mail.gmail.com> <2do7j0.nurejh.2vaeqo-qmf@mercury.scss.tcd.ie> <p06240616d21f443ed6d5@99.111.97.136> <CADajj4aL540rk5yaVea87f_DUCc-q4n1rPzuFPXGE2=ehXAMhw@mail.gmail.com> <p06240619d21f5df7de24@99.111.97.136> <CADajj4Yk5RAvour880Ekor60aSRWUU+k6hWOt5HkEo7CYrNnOg@mail.gmail.com>
X-Mailer: Eudora for Mac OS X
Date: Wed, 16 Sep 2015 11:25:37 -0700
To: Magnus =?iso-8859-1?Q?Nystr=F6m?= <magnusn@gmail.com>
From: Randall Gellens <randy@qti.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Random-Sig-Tag: 1.0b28
X-Random-Sig-Tag: 1.0b28
X-Originating-IP: [10.80.80.8]
X-ClientProxiedBy: NASANEXM01E.na.qualcomm.com (10.85.0.31) To nasanexm02f.na.qualcomm.com (10.85.0.87)
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/7IudQTsLAFsWLiYoU4y3Pv-yYlc>
Cc: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-ecrit-additional-data@tools.ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-ecrit-additional-data
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Sep 2015 18:25:44 -0000

How do we want to word this?

The original wording based on your suggestions was:

    TLS MUST be version 1.2 or later.  It is RECOMMENDED to use only
    cypher suites that offer Perfect Forward Secrecy (PFS) and avoid
    Cipher Block Chaining (CBC), for example,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] [RFC5289].

The next revision was:

    TLS MUST be version 1.2 or later.  It is RECOMMENDED follow
    [BCP195].

So how to we want to work CBC in to this?  And if 
we do, does that mean we need to also mention the 
specific cypher suites?


At 11:19 AM -0700 9/16/15, Magnus Nyström wrote:

>  Sorry, yes, also mention no CBC
>
>  On Wed, Sep 16, 2015 at 10:57 AM, Randall 
> Gellens 
> <<mailto:randy@qti.qualcomm.com>randy@qti.qualcomm.com> 
> wrote:
>
>  At 10:31 AM -0700 9/16/15, Magnus Nyström wrote:
>
>>  Just a personal remark: BCP 195 still allows 
>> earlier versions of TLS, even TLS 1.0. I felt 
>> that for a new application like this, one 
>> could go stronger. Maybe  a combo - where you 
>> rely on BCP 195 but mandate TLS 1.2 (or later)?
>>
>
>
>  And not mention CBC?
>
>
>>
>  On Wed, Sep 16, 2015 at 9:14 AM, Randall 
> Gellens 
> <<mailto:randy@qti.qualcomm.com>randy@qti.qualcomm.com> 
> wrote:
>
>  At 7:38 AM +0000 9/16/15, 
> <mailto:stephen.farrell@cs.tcd.ie>stephen.farrell@cs.tcd.ie 
> wrote:
>
>   On Wed Sep 16 04:09:03 2015 GMT+0100, Magnus Nyström wrote:
>
>   Yes, at least mandating TLS 1.2 or higher and recommending as per above
>   seems reasonable.
>   The references for the GCM suites would be RFC 5288 and RFC 5289.
>
>
>   BCP195 has recent recommendations for most TLS 
> options. I'd say it'd be best to use those or 
> if not figure out why they're not correct for 
> this context.
>
>
>  Just to be clear: are you suggesting that we 
> replace text suggested by Magnus:
>
>     TLS MUST be version 1.2 or later.  It is RECOMMENDED to use only
>     cypher suites that offer Perfect Forward Secrecy (PFS) and avoid
>     Cipher Block Chaining (CBC), for example,
>     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
>     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
>     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
>     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] [RFC5289].
>
>  With this:
>
>     TLS MUST be version 1.2 or later.  It is RECOMMENDED follow
>     [BCP195].
>
>
>  Note that BCP 195 does not address CBC (but 
> does discuss PFS).  I just want to be clear 
> before making the change, so please confirm 
> that this works.
>
>  --
>  Randall Gellens
>  Opinions are personal;    facts are suspect;    I speak for myself only
>  -------------- Randomly selected tag: ---------------
>  If the odds are a million to one against something occurring, chances
>  are 50-50 it will.
>
>
>
>
>  --
>
>  -- Magnus
>
>
>
>
>  --
>
>  Randall Gellens
>  Opinions are personal;    facts are suspect;    I speak for myself only
>  -------------- Randomly selected tag: ---------------
>
>  Between two evils, I always pick the one I never tried before.
>                                                    --Mae West.
>
>
>
>
>  --
>
>  -- Magnus



-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Total deregulation would allow anybody to fly any route, a
situation that is unlikely ever to occur.
        --New York Times Magazine, 9 May 1976.