IETF Logo Mail Archive

Re: [secdir] Writing Security Considerations

Yoav Nir <ynir.ietf@gmail.com> Thu, 27 June 2019 16:48 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 761EB120118 for <secdir@ietfa.amsl.com>; Thu, 27 Jun 2019 09:48:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3_6OaV0erXXI for <secdir@ietfa.amsl.com>; Thu, 27 Jun 2019 09:48:46 -0700 (PDT)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C41CC120112 for <secdir@ietf.org>; Thu, 27 Jun 2019 09:48:45 -0700 (PDT)
Received: by mail-wm1-x331.google.com with SMTP id u8so6346257wmm.1 for <secdir@ietf.org>; Thu, 27 Jun 2019 09:48:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=xJdy54Y1zgYJu3OReBycJTk4q9w0OlP21aN65nY/6PQ=; b=EEu3xCbpj6YzfM3uWDsrUvwMEP8N8Qeto5LMVIutQRDRzZTqyvi04Owls7awH/Ga9l k6+RsaEXCXju5CfYtX4Vo85n18gungWdmEwaQpHGbZyDB6vhX5DqcbdLbTlet4TurA2M SsM2utRZvBOR4sighT75kmV15hO3qGwpL3gId0Yt1NGt8Nj1e8faw4oiAcjYEiZX5Qn7 qDXRWu618c9mDH1mdLaKg07Tua5kxvCgqSQCQp7KQa5mxijD1y3foVwVVcy/b8zpM9fE 86awHDWM1I7yRG+3ZHoJeycPfawyyjJ68F80fxRG9sXyA3AWdKVAevJ5VJi1UN+bVxPO 9RUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=xJdy54Y1zgYJu3OReBycJTk4q9w0OlP21aN65nY/6PQ=; b=OEjp31gL3jvQUhYchdtqMrf6OB7yHK1WbMPXM8qIjm0Vrp80EUIn1CGYYPyII2PcMC XrFHTSKfN8ZkkUixfOd8YDgTEOPp59jbU4acs1WhSjKHJUck2kIk3GZIukhgS0bpaoqy Vyxlo5ZtuEgiLrJeZ+RWqZCGvsJaL2wBqP35QGvJyteg0p5wtifCHfIbqP9/HkaVIYVQ pkZ/o41fgA9GRGApB/lWvFGgyG7QB+KYKq4JyAZ/ueZ9RjnO2bIfVVQNRgYcRm+ZGRVw zGWLaARNNoeDTkstLeZsALn/mrzVgbskJrXOXqCzSgYunT3XCuZNPeXz4GS7dz/AvVFt orbw==
X-Gm-Message-State: APjAAAVgMDp4oXVopqLzcreDQF/+BPnfabSaksB+wifY7DcIpvQL1ush 2tRY+uBubmfoQdXvhH9bPUI=
X-Google-Smtp-Source: APXvYqyCmf46exFVsVvog1Ipn23O7cl4erJD2tGymSExe7x24KIyzisuSAXOkanT2B2fxVGRJBYaHQ==
X-Received: by 2002:a1c:1fc2:: with SMTP id f185mr4041728wmf.154.1561654124228; Thu, 27 Jun 2019 09:48:44 -0700 (PDT)
Received: from [192.168.1.12] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id z5sm3917188wrh.16.2019.06.27.09.48.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Jun 2019 09:48:43 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <D2879E85-0D8A-4F77-A8C9-6A351432B482@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A3F9E08E-EA65-4A74-9581-348F74FA1835"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 27 Jun 2019 19:48:41 +0300
In-Reply-To: <5C18F02D-BACE-4251-99D9-AA8D0AEA7F37@inria.fr>
Cc: Rich Salz <rsalz@akamai.com>, secdir <secdir@ietf.org>
To: Vincent Roca <vincent.roca@inria.fr>
References: <AB6D23B6-C4F2-466B-8DE2-75CF6FD6EF8A@gmail.com> <421EA63E-CD5F-4BCC-AA24-3BDBD7182B24@inria.fr> <558A448D-E5EE-4E3C-9B0A-F5B5490E793C@gmail.com> <7D1A00B2-3A6F-4B54-AE8F-9BB7771E6189@akamai.com> <5C18F02D-BACE-4251-99D9-AA8D0AEA7F37@inria.fr>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/93s9CESm9jKxX_A95ZmYOIndzLM>
Subject: Re: [secdir] Writing Security Considerations
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2019 16:48:50 -0000


> On 27 Jun 2019, at 15:50, Vincent Roca <vincent.roca@inria.fr> wrote:
> 
> Hello,
> 
> The two messages I would suggest:
> 	- You, authors, think everything is fine, that your proposal does not introduce any new threat. Think it twice (or more), 
> 	   there’s probably something that’s worth being said;

That just reads like “Be afraid. Be very afraid”. Yeah, we’re going to tell them to consider all security implications and implementation pitfalls. But without a concrete list of things to check, that’s just like Hill Street Blues’ “Let’s be careful out there"

> 	- And the Security Considerations section is also meant to help developers: in this specific case, it would have 
> 	  been nice to add a warning about this carbon copy in the reply packet, as we all discovered later.

Perhaps the broader lesson is to consider and call out whenever you are using a non-standard format. If a protocol is using JSON, CBOR, XML, YANG, or even ASN.1 you are going to be using some (hopefully) well-tested library that protects you from buffer overruns. When you roll your own format, like we do in things like TLS and IKE, the implementer is going to be writing a parser, and writing a parser is something that requires a level of care that should be called out.

> 
> I think it’s a good example of cool protocol feature that can turn into a security nightmare if wrongly implemented.
> It’s worth explaining IMHO.
> 
> But that’s just an idea, feel free to ignore my suggestion.

If you can suggest text for the slide/s, we’ll consider it.

> Cheers,
> 
>   Vincent
> 
> 
>> Le 27 juin 2019 à 14:15, Salz, Rich <rsalz@akamai.com <mailto:rsalz@akamai.com>> a écrit :
>> 
>> Well there’s also the fact that it was implemented in TLS but only intended for DTLS.
>>  
>> But yeah, I’m still not sure what the lesson learned is.
>>  
>> From: Yoav Nir <ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com>>
>> Date: Thursday, June 27, 2019 at 12:33 AM
>> To: Vincent Roca <vincent.roca@inria.fr <mailto:vincent.roca@inria.fr>>
>> Cc: "secdir@ietf.org <mailto:secdir@ietf.org>" <secdir@ietf.org <mailto:secdir@ietf.org>>
>> Subject: Re: [secdir] Writing Security Considerations
>>  
>> Hi, Vincent. 
>>  
>> Thanks, but I don’t know what kind of lesson there is in this for the general RFC-writing audience.
>>  
>> Always call out when you have internal length fields because that can be done dangerously in C?
>>  
>> I think mis-handling length fields has been an issue with protocols as long as protocols have been implemented.
>>  
>> Yoav
>> 
>> 
>>> On 26 Jun 2019, at 9:57, Vincent Roca <vincent.roca@inria.fr <mailto:vincent.roca@inria.fr>> wrote:
>>>  
>>> Hello Yoav and Linda, 
>>>  
>>> Good initiative.
>>>  
>>> Since you’re looking for stories, here is a proposal, rooted in real life.
>>> RFC6520 (https://tools.ietf.org/html/rfc6520 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc6520&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=32H5KaerecFFfHL_RbK6_S3L5bwUE9K88_l69RYrvIQ&s=FbDzqETFX080s8nnVXHURz64o5cbrHAGdKknxxMVsBA&e=>) on TLS heartbeat extension has a pretty simple security considerations section: it says 
>>> it does not introduce any new security consideration and it refers to two existing RFCs.
>>>  
>>> We all know this TLS heartbeat extension has been the cause of the famous heartbleed OpenSSL vulnerability and associated attack.
>>> Of course the major problem comes from an erroneous implementation of the mechanism in OpenSSL:
>>> https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 <https://urldefense.proofpoint.com/v2/url?u=https-3A__git.openssl.org_gitweb_-3Fp-3Dopenssl.git-3Ba-3Dcommitdiff-3Bh-3D96db9023b881d7cd9f379b0c154650d6c108e9a3&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=32H5KaerecFFfHL_RbK6_S3L5bwUE9K88_l69RYrvIQ&s=9FZTwoOauH47k_ngFMjQzuMPRb0jIWcs96Y0axdM9gY&e=>
>>>  
>>> The goal is not to blame anybody in person, especially as the RFC describes what should be done to prevent any problem.
>>> But I also think this is a document where we all (i.e., authors/secdir/IESG) should have highlighted the associated risk of badly
>>> implementing the response message in the Security Considerations section. As always in such a situation, it’s easier to say afterwards!
>>>  
>>> I think there is a way to say that in a positive way (lessons learned) and tell an interesting story many people heard about without knowing
>>> the details.
>>>  
>>> Cheers,
>>>  
>>>   Vincent
>>>  
>>>  
>>>> Le 25 juin 2019 à 20:57, Yoav Nir <ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com>> a écrit :
>>>>  
>>>> Hi, all 
>>>>  
>>>> If you’ve had a look at the draft agenda (https://datatracker.ietf.org/meeting/105/agenda.html <https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_meeting_105_agenda.html&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=32H5KaerecFFfHL_RbK6_S3L5bwUE9K88_l69RYrvIQ&s=3UI7WQmwfyz7h1buiVZOY8g7D6K8ARLSHXArn_PYUBc&e=>), we have a Writing Security Considerations tutorial on Sunday, which Linda Dunbar and I will be doing.
>>>>  
>>>> The idea is to get people writing drafts to know what they should do for a smooth interaction with us SecDir people.
>>>>  
>>>> The slides do not exist yet, but we have a rough outline on github: https://github.com/IETF-SAAG/SecurityConsiderationsTutorial <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_IETF-2DSAAG_SecurityConsiderationsTutorial&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=32H5KaerecFFfHL_RbK6_S3L5bwUE9K88_l69RYrvIQ&s=kMYyq9Tz5RZyqpaBjEPwSWYLw7P6jG9eqigfDeW1lNk&e=>
>>>>  
>>>> So if there’s missing or wrong stuff, we’d like to hear about it, preferably in the form of PRs.
>>>>  
>>>> But most of all, we’re looking for more examples in the examples page: https://github.com/IETF-SAAG/SecurityConsiderationsTutorial/blob/master/examples.md <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_IETF-2DSAAG_SecurityConsiderationsTutorial_blob_master_examples.md&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=32H5KaerecFFfHL_RbK6_S3L5bwUE9K88_l69RYrvIQ&s=f1H6brU-13lYu1_rTmpXv5fGU5dc258l1UXuaIrOX3Y&e=>
>>>>  
>>>> So any horror story, war story, stuff that’s terribly wrong, or even something that’s surprisingly right will be welcome.
>>>>  
>>>> Thanks in advance
>>>>  
>>>> Linda & Yoav
>>>>  
>>>> _______________________________________________
>>>> secdir mailing list
>>>> secdir@ietf.org <mailto:secdir@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/secdir <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_secdir&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=32H5KaerecFFfHL_RbK6_S3L5bwUE9K88_l69RYrvIQ&s=6b6SRPf-vkkPvj-FrX-q8rwRHE1RCF54pOHVFQAkkRQ&e=>
>>>> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview <http://tools.ietf.org/area/sec/trac/wiki/SecDirReview>

v2.23.0 | Report a Bug | By Email