Re: [secdir] Secdir review of draft-herzog-static-ecdh-05

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 17 March 2011 02:36 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8D0403A6A0D; Wed, 16 Mar 2011 19:36:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qKYGk58UyZG0; Wed, 16 Mar 2011 19:36:19 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [IPv6:2001:770:10:200:21b:21ff:fe3a:3d50]) by core3.amsl.com (Postfix) with ESMTP id B45103A69F0; Wed, 16 Mar 2011 19:36:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 3FEFF3E4085; Thu, 17 Mar 2011 02:37:43 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1300329463; bh=nhqpg6XIODfi7K 2MedAMjZ7hSyFhFLFUbkmwhHlq+uo=; b=3+NJdUnUR7+UBRSY/fLmccaWwoTSnu Pd3UKypI/b9RE8u3BCKuOfAHgUTax3iteDHq7hP0VKznSwdaxgDpO8k56+LrL4Po rl2GO8dG1Rcvz/DEjUgjkDPWjHXjWrlTGB5HXTVb9CdEq6MjXq9vRX6WBU0gIegF PmCXhiLl5TxcfZaNDzdeTB/clvEgFzcw1WETU9EvYTPUfqRPgg/X/ldkLxjQZy2K p/j3ALd6IoyA9Lj7y0f/fbYGMrZZX2LQEEJvqwE5yvgDmXzuStJZvgAGVZfjmO7h Itpx3XU6Wuv7mUk+ELbCC0M5cJmSX6CtgtMsPW6EtNzOX9cUxNQPzPmw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id Nx2hwllNglg2; Thu, 17 Mar 2011 02:37:43 +0000 (GMT)
Received: from [10.87.48.6] (unknown [86.41.7.122]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id D13E63E4084; Thu, 17 Mar 2011 02:37:41 +0000 (GMT)
Message-ID: <4D8173F5.4000704@cs.tcd.ie>
Date: Thu, 17 Mar 2011 02:37:41 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14) Gecko/20110223 Lightning/1.0b2 Thunderbird/3.1.8
MIME-Version: 1.0
To: "Herzog, Jonathan - 0668 - MITLL" <jherzog@ll.mit.edu>
References: <D858A225-D1D1-497D-BA40-A66D3F55AD57@cisco.com> <552BBAA9-712F-49B4-8A5F-C671C3817C05@ll.mit.edu> <AA323705-436C-4B71-8B51-D2CA9E4E140C@cisco.com> <47CF9528-81A1-49D7-8D4B-B1DCC136581E@ll.mit.edu> <3E69AF7B-D325-4FC5-A003-FEBA1997D67E@cisco.com> <FFD02A42-A10C-4AE7-A763-5C2D1E1DFADA@ll.mit.edu> <BA430CB6-FA7D-4A56-82CF-B72F0857C586@cisco.com> <4D77E3AE.5060903@cs.tcd.ie> <E803BE14-36B6-40F1-9F66-D04E710C7C6A@ll.mit.edu> <4D780411.9060108@cs.tcd.ie> <7896C06F-C680-4794-9DB3-CDC84CA5579D@ll.mit.edu> <4D814E8B.5000809@ieca.com> <4D815774.6050301@cs.tcd.ie> <D0D0D483-E96E-41E6-B57B-7B6D3F482A00@ll.mit.edu>
In-Reply-To: <D0D0D483-E96E-41E6-B57B-7B6D3F482A00@ll.mit.edu>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "draft-herzog-static-ecdh@tools.ietf.org" <draft-herzog-static-ecdh@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-herzog-static-ecdh-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2011 02:36:20 -0000

On 17/03/11 01:23, Herzog, Jonathan - 0668 - MITLL wrote:
> 
> I apologize-- when you mentioned this before, I thought you were merely curious about our motivations. I didn't realize that you were suggesting/requesting additional discussion of the topic in the Draft. But your point about this feature of static-static ECDH is well-taken. If you think that it would serve the reader for the document to discuss this, then it should clearly be discussed. I'm not exactly sure what the protocol is for making changes this close to the scheduled discussion, but we would be happy to add a paragraph to the Security Considerations along the lines of:
> 
> 
> "When two parties are communicating using static-static ECDH as described in this document, and either party's asymmetric keys have been centrally generated, it is possible for that party's central infrastructure to decrypt the communication (for application-layer network monitoring or filtering, for example). By way of contrast: were ephemeral-static ECDH to be used instead, such decryption would not be possible by the sender's infrastructure (though it would remain possible for the infrastructure of any recipient.)"
> 
> 
> Thoughts?

Looks fine to me. With an addition like that I'd have no
problem with this.

Formally, I guess just wait and see what the IESG say about
the doc and then update as appropriate. Adding a paragraph
like the above shouldn't be an issue in any event I'd say.

Thanks,
S.

> 
> On Mar 16, 2011, at 8:36 PM, Stephen Farrell wrote:
> 
>>
>> I had a quick look at the -06 version.
>>
>> It still doesn't call out what I think is the real functional
>> difference between static-static (s-s) and ephemeral-static (e-s)
>> which is that with centrally generated private values s-s allows
>> an outbound application layer gateway to decrypt and filter
>> traffic before it leaves the "key generating" domain. With e-s
>> and signing keys, which are the alternative, that is not possible.
>>
>> Some people would like exactly that as a feature. Others would
>> consider it anathema. I think this ought be explicitly called out
>> in the text so that someone who cares doesn't pick the scheme
>> the don't like by accident.
>>
>> S.
>>
>> On 16/03/11 23:58, Sean Turner wrote:
>>> On 3/10/11 4:02 PM, Herzog, Jonathan - 0668 - MITLL wrote:
>>>>
>>>> On Mar 9, 2011, at 5:49 PM, Stephen Farrell wrote:
>>>
>>> ..snip
>>>
>>>> Sean Turner has graciously agreed to step in and handle the IPR issues
>>>> of this draft, so I'll let him address this.
>>>
>>> I submitted a 3rd party IPR statement at 6pm.  I should have done it but
>>> forgot.  It's the same ol' Certicom IPR.  I submitted the same 3rd party
>>> earlier on another draft that mentioned EC algs.
>>>
>>> spt
>>>
> 
>