IETF Logo Mail Archive

Re: [secdir] review of draft-hollenbeck-rfc4933bis-02

"Polk, William T." <william.polk@nist.gov> Wed, 15 July 2009 18:36 UTC

Return-Path: <william.polk@nist.gov>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 18CF53A6C0C; Wed, 15 Jul 2009 11:36:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.055
X-Spam-Level:
X-Spam-Status: No, score=-6.055 tagged_above=-999 required=5 tests=[AWL=0.543, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0jZJ-dP2KUbH; Wed, 15 Jul 2009 11:36:09 -0700 (PDT)
Received: from smtp.nist.gov (rimp2.nist.gov [129.6.16.227]) by core3.amsl.com (Postfix) with ESMTP id EACD23A6AA4; Wed, 15 Jul 2009 11:36:07 -0700 (PDT)
Received: from WSXGHUB2.xchange.nist.gov (wsxghub2.nist.gov [129.6.18.19]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id n6FHx7LA001209; Wed, 15 Jul 2009 13:59:07 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB2.xchange.nist.gov ([2002:8106:1213::8106:1213]) with mapi; Wed, 15 Jul 2009 13:59:07 -0400
From: "Polk, William T." <william.polk@nist.gov>
To: Sandra Murphy <sandy@sparta.com>, "Hollenbeck, Scott" <shollenbeck@verisign.com>
Date: Wed, 15 Jul 2009 13:59:05 -0400
Thread-Topic: [secdir] review of draft-hollenbeck-rfc4933bis-02
Thread-Index: AcoFZXnEUGL5r6YURci2FQADJAXtMgAEHd0k
Message-ID: <C6839129.119DC%william.polk@nist.gov>
In-Reply-To: <Pine.WNT.4.64.0907151047510.4872@SANDYM-LT.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_C6839129119DCwilliampolknistgov_"
MIME-Version: 1.0
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: william.polk@nist.gov
X-Mailman-Approved-At: Wed, 15 Jul 2009 11:38:26 -0700
Cc: "iesg@ietf.org" <iesg@ietf.org>, Nicolas Williams <Nicolas.Williams@sun.com>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] review of draft-hollenbeck-rfc4933bis-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2009 18:36:14 -0000

I'm a little late to the party, but I have been quietly mulling over this problem as well.  Now that Sandy has explicitly asked for an AD to step in, I figured I should participate more actively.  I have also added Nico Williams to the CC list (my apologies, Nico) since channel bindings is really his area of expertise.

I think there is a real need for channel bindings with some applications of EPP, but may not always be strictly necessary in other cases.  For example, the e-Automation project for the administration of DNS root zone uses EPP but if I recall correctly most of the objects that are transferred are digitally signed objects.  In this case, channel bindings are perhaps less important since we aren't relying solely on the EPP authentication mechanism.  So, in my opinion we should encourage their use but should not require channel bindings.

However, if the application is relying on EPP in combination with transport for security, channel bindings would provide significantly enhanced security.  That says channel bindings deserves to be mentioned and a little guidance on (1) implementing channel bindings and (2) determining when channel bindings is required.  That begs a new question of course - where does this information go?

I am starting to believe that the security considerations section of 4930bis should note that enhanced security SHOULD be achieved through channel bindings unless the application involves digitally signed objects, and that the TLS usage section of 4934bis (section 9) should include a pointer to techniques for implementing channel bindings with TLS.  I am still mulling this over, and will probably not enter any discuss until tomorrow, but this seems the best approach.  (Hopefully Nico will weigh in before then and keep me straight on this one...)

Tim Polk


On 7/15/09 10:51 AM, "Sandra Murphy" <sandy@sparta.com> wrote:

(Note to all.  I sent multiple secdir related messages yesterday
afternoon, and they all were mangled or ultimately not delivered.  So this
is a repeat that some og the recipients may already have seen.
Apologies for the technology failure.)



On Tue, 7 Jul 2009, Scott Hollenbeck said:


>There was no follow-up, so I remain a little unsure of how to address
>the comment.  Similarly, I need a clarification to know if the text
>change suggested below is best made in 4933bis.

Yes, I am guilty of not following up.  I was unsure of my understanding
of channel binding issues, none of the other reviewers of the rfc493*
suite made any notice of the issue, and, as you note here, the
issue is really in the base spec, not 4933.  I just had no idea
what the right process would be, if any.

Subsequent discussion and review of material make me more confident
that there is, indeed, a channel binding issue here.

The question is what to do about it.  This is an established protocol.
Would a security considerations section in 4930bis that pointed out
that there's a MITM attack possible here, because of the lack of
channel binding, be sufficient?  Or would pointing to the sasl-gs2
work as a protection be mentioned?  suggested?  mandated?

I sure would love to see AD or subject matter experts weigh in here
on the technical and process aspects of this.

--Sandy

v2.23.0 | Report a Bug | By Email