Re: [secdir] Secdir review of draft-herzog-static-ecdh-05

"Herzog, Jonathan - 0668 - MITLL" <jherzog@ll.mit.edu> Thu, 17 March 2011 01:22 UTC

Return-Path: <prvs=2057df9d48=jherzog@ll.mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E9AB03A69D8; Wed, 16 Mar 2011 18:22:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.847
X-Spam-Level:
X-Spam-Status: No, score=-5.847 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_OBFU_ALL=0.751, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M7mjaZAgKdRC; Wed, 16 Mar 2011 18:22:24 -0700 (PDT)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by core3.amsl.com (Postfix) with ESMTP id A9C073A67EE; Wed, 16 Mar 2011 18:22:23 -0700 (PDT)
Received: from LLE2K7-HUB01.mitll.ad.local (LLE2K7-HUB01.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id p2H1NlXf007339; Wed, 16 Mar 2011 21:23:47 -0400
From: "Herzog, Jonathan - 0668 - MITLL" <jherzog@ll.mit.edu>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 16 Mar 2011 21:23:47 -0400
Thread-Topic: [secdir] Secdir review of draft-herzog-static-ecdh-05
Thread-Index: AcvkQfavi+/BdygjQYWi3zsqrD4YyQ==
Message-ID: <D0D0D483-E96E-41E6-B57B-7B6D3F482A00@ll.mit.edu>
References: <D858A225-D1D1-497D-BA40-A66D3F55AD57@cisco.com> <552BBAA9-712F-49B4-8A5F-C671C3817C05@ll.mit.edu> <AA323705-436C-4B71-8B51-D2CA9E4E140C@cisco.com> <47CF9528-81A1-49D7-8D4B-B1DCC136581E@ll.mit.edu> <3E69AF7B-D325-4FC5-A003-FEBA1997D67E@cisco.com> <FFD02A42-A10C-4AE7-A763-5C2D1E1DFADA@ll.mit.edu> <BA430CB6-FA7D-4A56-82CF-B72F0857C586@cisco.com> <4D77E3AE.5060903@cs.tcd.ie> <E803BE14-36B6-40F1-9F66-D04E710C7C6A@ll.mit.edu> <4D780411.9060108@cs.tcd.ie> <7896C06F-C680-4794-9DB3-CDC84CA5579D@ll.mit.edu> <4D814E8B.5000809@ieca.com> <4D815774.6050301@cs.tcd.ie>
In-Reply-To: <4D815774.6050301@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/signed; boundary="Apple-Mail-125--104719926"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15, 1.0.148, 0.0.0000 definitions=2011-03-17_01:2011-03-16, 2011-03-17, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=8 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=5.0.0-1012030000 definitions=main-1103160174
X-Mailman-Approved-At: Mon, 21 Mar 2011 08:27:18 -0700
Cc: "draft-herzog-static-ecdh@tools.ietf.org" <draft-herzog-static-ecdh@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-herzog-static-ecdh-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2011 01:22:26 -0000

I apologize-- when you mentioned this before, I thought you were merely curious about our motivations. I didn't realize that you were suggesting/requesting additional discussion of the topic in the Draft. But your point about this feature of static-static ECDH is well-taken. If you think that it would serve the reader for the document to discuss this, then it should clearly be discussed. I'm not exactly sure what the protocol is for making changes this close to the scheduled discussion, but we would be happy to add a paragraph to the Security Considerations along the lines of:


"When two parties are communicating using static-static ECDH as described in this document, and either party's asymmetric keys have been centrally generated, it is possible for that party's central infrastructure to decrypt the communication (for application-layer network monitoring or filtering, for example). By way of contrast: were ephemeral-static ECDH to be used instead, such decryption would not be possible by the sender's infrastructure (though it would remain possible for the infrastructure of any recipient.)"


Thoughts?

On Mar 16, 2011, at 8:36 PM, Stephen Farrell wrote:

> 
> I had a quick look at the -06 version.
> 
> It still doesn't call out what I think is the real functional
> difference between static-static (s-s) and ephemeral-static (e-s)
> which is that with centrally generated private values s-s allows
> an outbound application layer gateway to decrypt and filter
> traffic before it leaves the "key generating" domain. With e-s
> and signing keys, which are the alternative, that is not possible.
> 
> Some people would like exactly that as a feature. Others would
> consider it anathema. I think this ought be explicitly called out
> in the text so that someone who cares doesn't pick the scheme
> the don't like by accident.
> 
> S.
> 
> On 16/03/11 23:58, Sean Turner wrote:
>> On 3/10/11 4:02 PM, Herzog, Jonathan - 0668 - MITLL wrote:
>>> 
>>> On Mar 9, 2011, at 5:49 PM, Stephen Farrell wrote:
>> 
>> ..snip
>> 
>>> Sean Turner has graciously agreed to step in and handle the IPR issues
>>> of this draft, so I'll let him address this.
>> 
>> I submitted a 3rd party IPR statement at 6pm.  I should have done it but
>> forgot.  It's the same ol' Certicom IPR.  I submitted the same 3rd party
>> earlier on another draft that mentioned EC algs.
>> 
>> spt
>> 


-- 
Jonathan Herzog							voice:  (781) 981-2356
Technical Staff							fax:    (781) 981-7687
Cyber Systems and Technology Group		email:  jherzog@ll.mit.edu
MIT Lincoln Laboratory               			www:    http://www.ll.mit.edu/CST/
244 Wood Street    
Lexington, MA 02420-9185