[secdir] Security review of draft-levine-herkula-oneclick-05

Ben Laurie <benl@google.com> Sun, 18 September 2016 16:07 UTC

Return-Path: <benl@google.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 9E97C12B125 for <secdir@ietfa.amsl.com>; Sun, 18 Sep 2016 09:07:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.317
X-Spam-Status: No, score=-4.317 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-2.316, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id KS74EqJsMYTn for <secdir@ietfa.amsl.com>; Sun, 18 Sep 2016 09:07:22 -0700 (PDT)
Received: from mail-yb0-x233.google.com (mail-yb0-x233.google.com [IPv6:2607:f8b0:4002:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 300A612B124 for <secdir@ietf.org>; Sun, 18 Sep 2016 09:07:22 -0700 (PDT)
Received: by mail-yb0-x233.google.com with SMTP id d69so68776609ybf.2 for <secdir@ietf.org>; Sun, 18 Sep 2016 09:07:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=rJbNRffbDPpkUJwajpDO1oB+R2BJxt77OcdBnFDS5q8=; b=Y5PdNg/AI+Q13qx4oaqrJ/PHfbiste+ZE0DsxHIqkd7YaoHmwSuTNfiMPqHt7Pmh2o mfafUgZ6UrItJYm/uXEcSNxFjpPmCkT0IA/crEb3tZGKMl/R6k0GWgQleWb7wUoGPluv NLdKTFPL33yVtsiH9ZuoMgZwsRsZDNMpS1aJMKCVZfksU1NkTMIGhqufex9HrcW4NQIw 3gCkG8wRzzvl/Mw2GIBMPo8JLb55p2p2RJPBLda7EaBdJj+QSKX+aCtRivtQ0vF8yFiF IMG9mG0p3OhHrnq+aqUgfDnO3/Ax7uC3zLJtXbM92OEL5MZ3tdG/tgeAKdCQy+0ONlNO HGJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rJbNRffbDPpkUJwajpDO1oB+R2BJxt77OcdBnFDS5q8=; b=DW4Duq+tYqPEkHE2p+t7PzrFsrMZ1hvyhYC5e+ty3yjKtxjlski1ZsQhyQLglKSrW2 HUuI841ljXohXpBppXPaL0SkZMZ+A3iHJkNrliOdKF2CnyPqhfuA3+GDdr91ka8DDqSg qK+8sD3pUMiBW/nW7rk0zVS/GvBB0y1hq8vOIZkPqHFbQfswwTbNRrdM1HHE6d3xjIoh SKYbhwNAWgUHhhbLKE60u3froi1uYl8OQnUsJS2dqQn8iqlJF1gFLzd702jkWz5km5lG rvwZowCl5eihFJA2c6/VV58vC41NBr9ePChWnlVBG/n3KtDu+xzimTMMngyFSQ9HiS3t HB4g==
X-Gm-Message-State: AE9vXwPCD4pvxbc5zc6RIaGmG9r+WcoNUQcysUkmg+CwBHceTkGXuzpMM+egNiEDGVyakRHGnhoU7VVaP4vjDrc+
X-Received: by with SMTP id l204mr21914460ybc.124.1474214841203; Sun, 18 Sep 2016 09:07:21 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Sun, 18 Sep 2016 09:07:20 -0700 (PDT)
From: Ben Laurie <benl@google.com>
Date: Sun, 18 Sep 2016 17:07:20 +0100
Message-ID: <CABrd9SQt9K+78WOm9aO_fObrvThKCVKyXAVF6WVmm=bN8c9bvw@mail.gmail.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-levine-herkula-oneclick.all@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/P1BBiMYa2PyxtJTppUsp9xpx9u8>
Subject: [secdir] Security review of draft-levine-herkula-oneclick-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Sep 2016 16:07:23 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Status: ready with issues.

Broadly speaking, all seems fine with this draft, except the advice
given for making the header non-forgeable is weak.

"The URI and POST arguments SHOULD include a hard to forge component
such as a hash in addition to or instead of the plain-text names of
the list and the subscriber."

Hashes are not inherently hard to forge, they need to be combined with
a secret of some kind. Also, using a plain hash is error-prone. So
better advice would be something along the lines of

"The URI and POST arguments SHOULD include a hard to forge component
such as an HMAC (RFC 2104) of the other components, using a secret
key, in addition to or instead of the plain-text names of the list and
the subscriber."

Although its kinda obvious, you should probably also say that the
server SHOULD verify this HMAC.

Finally, since the URI argument is the subject of an existing RFC
(2369) that RFC should probably be updated to include this advice.