Re: [secdir] [Sidrops] [Last-Call] Secdir last call review of draft-ietf-sidrops-signed-tal-15
Tom Harrison <tomh@apnic.net> Mon, 06 May 2024 11:10 UTC
Date: Mon, 06 May 2024 21:09:54 +1000
From: Tom Harrison <tomh@apnic.net>
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: Job Snijders <job@fastly.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-sidrops-signed-tal.all@ietf.org" <draft-ietf-sidrops-signed-tal.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/PxD4o8O86EtTv56qRDwtcbfQhLE>
Hi Linda,

Thanks for this review.

On Tue, Apr 30, 2024 at 06:46:47AM +0000, Linda Dunbar wrote:
> Thanks for the explanation. It is nice to know that TAK is in
> addition to the conventional methods (emails/website, etc.)
>
> See more comments below:
>
> -----Original Message-----
> From: Job Snijders <job@fastly.com>
> Sent: Monday, April 29, 2024 3:38 PM
> To: Linda Dunbar <linda.dunbar@futurewei.com>
> Cc: secdir@ietf.org; draft-ietf-sidrops-signed-tal.all@ietf.org; last-call@ietf.org; sidrops@ietf.org
> Subject: Re: [Last-Call] Secdir last call review of draft-ietf-sidrops-signed-tal-15
>
> On Mon, Apr 29, 2024 at 03:25:26PM -0700, Linda Dunbar via Datatracker wrote:
>> While this in-band notification allows for more dynamic management of
>> keys and helps ensure RPs are aware of key rollovers, it introduces a
>> single point of failure.
>
> TAK objects don't introduce a single point of failure. In fact, the
> Signed TAL mechanism introduces *additional* means of communicating
> updates about new TALs to the RP community (in addition to email,
> websites, github pull requests, social media, etc) - with the
> primary advantage that TAK objects are signed with signatures
> verifiable within the RPKI context itself.
>
> [Linda] It would be nice to add this sentence to the Security
> Consideration.

This content has been added to the security considerations.

> Another question: What if those multiple methods are not consistent?

If the TA is going through a transition, then so long as the RP gets
either the current key or the new key through one of the available
methods, then the RP will end up at the new key eventually, if it
takes account of TAK objects in some way. Some text about this has
been added to the security considerations.

>> Suggest to add some description in the Security Consideration on what
>> happens when the in-band mechanism is compromised.
>
> In the RPKI hierarchical context, a Trust Anchor is an authority for
> which trust is assumed and not derived. "Assuming trust" means that
> violation of that trust is out-of-scope for the threat model. The
> relationship from the RP to the Trust Anchor and from there to the
> Trust Anchor Key is one of such "assumed trust" arcs.
>
> The signed-tal draft does nothing to improve or worsen the situation
> related to in-band mechanisms being compromised. TAK objects cannot
> be used to repair compromised in-band mechanisms, nor prevent
> compromise.
>
> Perhaps it is helpful to imagine the use-cases for TAK objects being
> more in the mundane: facilitating a change of URLs, or a key rollover
> to a new cipher algorithm.
>
> [Linda] Yes, your explanation helps a lot. It would be nice to add
> your explanation to the Security Consideration.

This content has been added to the security considerations.

Please see attached for an updated document and a HTML diff for the
new changes.

-Tom
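The convergence argument made in this message (an RP that obtains either the current TA key or the new one through any single channel ends up at the new key, provided it processes TAK objects) can be made concrete with a small model. The code below is an added illustration, not code from the draft, from this thread, or from any RP implementation. It assumes a TAK carries a current key plus optional predecessor and successor keys, simulates CMS signatures with a `signed_by` field, and uses a made-up "adopt the successor only after it has been observed consistently for three fetches" rule in place of the draft's actual acceptance procedure; the key ids, URIs and repositories are constructed sample data.

```python
# Added illustration (not code from the draft or from any RP implementation):
# a toy relying party that follows a trust anchor (TA) key rollover through
# TAK objects, whichever key it started with. Signatures are simulated by a
# 'signed_by' field; real TAK objects are CMS-signed and validated under the
# TA certificate inside the RPKI. The rule "adopt the successor only after it
# has been seen consistently for ACCEPTANCE_FETCHES fetches" is an assumed
# stand-in for the draft's acceptance period, not its exact procedure.
from dataclasses import dataclass
from typing import Optional

ACCEPTANCE_FETCHES = 3


@dataclass(frozen=True)
class TAKey:
    key_id: str          # stands in for the subjectPublicKeyInfo
    cert_uri: str        # where the TA certificate for this key is published


@dataclass
class TAK:
    signed_by: str                     # simulated: key id of the CMS signer
    current: TAKey
    predecessor: Optional[TAKey] = None
    successor: Optional[TAKey] = None


class Repository:
    """Constructed TA publication point: one TAK object per published key."""
    def __init__(self, taks):
        self.taks = {t.current.key_id: t for t in taks}

    def fetch(self, key_id: str) -> Optional[TAK]:
        return self.taks.get(key_id)


class RelyingParty:
    def __init__(self, trusted: TAKey):
        self.trusted = trusted           # the key the RP's TAL currently names
        self.candidate: Optional[TAKey] = None
        self.seen = 0                    # consecutive consistent observations
        self.log = []

    @staticmethod
    def valid(tak: Optional[TAK], key: TAKey) -> bool:
        # A TAK only counts if it verifies under the key it describes; an
        # object signed by anything else is discarded, so a party outside
        # the RPKI cannot push a rollover at the RP.
        return tak is not None and tak.signed_by == key.key_id and tak.current == key

    def sync(self, repo: Repository) -> TAKey:
        tak = repo.fetch(self.trusted.key_id)
        if not self.valid(tak, self.trusted):
            self.log.append("no valid TAK for trusted key; keeping it")
            return self.trusted
        if tak.successor is None:
            self.candidate, self.seen = None, 0   # no transition in progress
            return self.trusted
        # Require mutual acknowledgement: the successor's own TAK must be
        # signed by the successor and name our current key as predecessor.
        succ_tak = repo.fetch(tak.successor.key_id)
        if not (self.valid(succ_tak, tak.successor)
                and succ_tak.predecessor == self.trusted):
            self.log.append(f"successor {tak.successor.key_id} not acknowledged; ignored")
            self.candidate, self.seen = None, 0
            return self.trusted
        if self.candidate != tak.successor:
            self.candidate, self.seen = tak.successor, 0
        self.seen += 1
        if self.seen >= ACCEPTANCE_FETCHES:
            self.log.append(f"adopting {tak.successor.key_id} after {self.seen} fetches")
            self.trusted = tak.successor
            self.candidate, self.seen = None, 0
        return self.trusted


# Constructed sample data: a TA rolling from a 2019 key to a 2024 key.
OLD = TAKey("ta-key-2019", "rsync://ta.example/repo/ta-2019.cer")
NEW = TAKey("ta-key-2024", "rsync://ta.example/repo/ta-2024.cer")

ROLLOVER = Repository([
    TAK(signed_by=OLD.key_id, current=OLD, successor=NEW),
    TAK(signed_by=NEW.key_id, current=NEW, predecessor=OLD),
])
# Successor announced, but the new key's TAK never acknowledges the old one.
UNACKNOWLEDGED = Repository([
    TAK(signed_by=OLD.key_id, current=OLD, successor=NEW),
    TAK(signed_by=NEW.key_id, current=NEW),
])
# A TAK for the old key signed by something other than the old key.
FORGED = Repository([
    TAK(signed_by="not-the-ta", current=OLD, successor=NEW),
    TAK(signed_by=NEW.key_id, current=NEW, predecessor=OLD),
])


def converge(start: TAKey, repo: Repository, fetches: int = 5) -> str:
    """Run `fetches` validation rounds from `start`; return the final key id."""
    rp = RelyingParty(start)
    for _ in range(fetches):
        rp.sync(repo)
    return rp.trusted.key_id


if __name__ == "__main__":
    for name, repo in [("rollover", ROLLOVER), ("unacknowledged", UNACKNOWLEDGED), ("forged", FORGED)]:
        print(name, "from old ->", converge(OLD, repo), "| from new ->", converge(NEW, repo))
```

Starting from the old key (say, an RP whose TAL came from a years-old package) or from the new key (an RP that picked it up from the TA's website) both end at `ta-key-2024` against the `ROLLOVER` repository; the `UNACKNOWLEDGED` and `FORGED` repositories show the RP staying put when the successor is not mutually acknowledged or when the TAK does not verify under the trusted key. The model says nothing about a compromised TA key, matching the point in the thread that such a compromise sits outside the assumed-trust relationship and is neither caused nor repaired by TAK objects.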