IETF Logo Mail Archive

Re: [secdir] [Isms] secdir reviewofdraft-ietf-isms-transport-security-model-12

"tom.petch" <cfinss@dial.pipex.com> Fri, 08 May 2009 17:57 UTC

Return-Path: <cfinss@dial.pipex.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F9123A6DB9; Fri, 8 May 2009 10:57:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[AWL=0.499, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kvk2KI+YgHvU; Fri, 8 May 2009 10:57:18 -0700 (PDT)
Received: from mk-outboundfilter-6.mail.uk.tiscali.com (mk-outboundfilter-6.mail.uk.tiscali.com [212.74.114.14]) by core3.amsl.com (Postfix) with ESMTP id 41AE33A6C68; Fri, 8 May 2009 10:57:18 -0700 (PDT)
X-Trace: 101204951/mk-outboundfilter-6.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-customers/62.188.19.61/None/cfinss@dial.pipex.com
X-SBRS: None
X-RemoteIP: 62.188.19.61
X-IP-MAIL-FROM: cfinss@dial.pipex.com
X-SMTP-AUTH:
X-MUA: Microsoft Outlook Express 6.00.2800.1106Produced By Microsoft MimeOLE V6.00.2800.1106
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtYEAP8PBEo+vBM9/2dsb2JhbACDKEyKYsJBB4N2BQ
X-IronPort-AV: E=Sophos;i="4.40,318,1238972400"; d="scan'208";a="101204951"
X-IP-Direction: IN
Received: from 1cust61.tnt2.lnd3.gbr.da.uu.net (HELO allison) ([62.188.19.61]) by smtp.pipex.tiscali.co.uk with SMTP; 08 May 2009 18:57:44 +0100
Message-ID: <007f01c9cffe$0aa68da0$0601a8c0@allison>
From: "tom.petch" <cfinss@dial.pipex.com>
To: Barry Leiba <barryleiba@computer.org>
References: <6c9fcc2a0905021333j3dd58821v4726af092e30c1c1@mail.gmail.com><200905051750.n45HorPw023985@mx02.srv.cs.cmu.edu><0FBA56D16F71437450BC2779@minbar.fac.cs.cmu.edu><06a701c9cdb7$aed00f30$0600a8c0@china.huawei.com> <9abf48a60905051303h1543f323u1a8e3679445384f6@mail.gmail.com>
Date: Fri, 08 May 2009 18:56:27 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mailman-Approved-At: Mon, 11 May 2009 00:03:35 -0700
Cc: isms@ietf.org, secdir@ietf.org
Subject: Re: [secdir] [Isms] secdir reviewofdraft-ietf-isms-transport-security-model-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "tom.petch" <cfinss@dial.pipex.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2009 17:57:19 -0000

----- Original Message -----
From: "Barry Leiba" <barryleiba@computer.org>
To: "David B Harrington" <dbharrington@comcast.net>
Cc: <isms@ietf.org>; <iesg@ietf.org>; <isms-chairs@tools.ietf.org>;
<secdir@ietf.org>
Sent: Tuesday, May 05, 2009 10:03 PM

> > That is a deployment decision made by an administrator who has an
> > understanding of what is appropriate to the system in question.
> >
> > What is the correct non-RFC2119 phrase in which to couch our
> > deployment advice?
>
> Well, this would make me happy; would it work for you (and others)?:
>
> OLD:
>    by the RFC 3411 architecture.  However, the Transport Security Model
>    does not provide security mechanisms such as authentication and
>    encryption itself, so it SHOULD always be used with a Transport Model
>    that provides appropriate security.  Which threats are addressed and
>    how they are mitigated depends on the Transport Model.
>
> NEW:
>    by the RFC 3411 architecture.  However, the Transport Security Model
>    does not provide security mechanisms such as authentication and
>    encryption itself, so it MUST always be used with a Transport Model
>    that provides appropriate security.  What is "appropriate" for a particular
>    deployment is an administrative decision.  Which threats are addressed
>    and how they are mitigated depends on the Transport Model.

I have reservations about this, about the optimism that it may generate in
readers.

The idea of Models in SNMP is to be able to mix and match.  In practice, this
has not worked - USM with sshTM will not function, regardless of whether it is
secure or not.  Do not underestimate the labour it has taken to get TSM working
with sshTM.

If we have got TSM right, then it will work with eg TLSTM or DTLSTM, an idea
that is being mooted now.  But it may not.  In a similar vein, I am mindful that
ssh just hit problems with AES-GCM, that the architecture of ssh does not allow
for this new cryptography or that the discussions leading to TLS 1.2 of how to
introduce (or not) algorithm agility, just as SNMP has problems (and has given
up) trying to use USM with sshTM.

Thus TLS has session cache and resumption. Will that work with TSM? I do not
know - and as it has taken the last two years to come up with an agreed form of
words that allows just TSM to work with just sshTM, so I am not going
to try and work out the ramifications of TLSTM just yet:-(  We may find we got
TSM wrong and that it needs changing.

Or we may have another secure Transport Model that turns out to be insecure with
TSM and needs an xSM to make it secure.  The proposed amendment seems to me
rather optimistic.

Tom Petch

> Barry
> _______________________________________________
> Isms mailing list
> Isms@ietf.org
> https://www.ietf.org/mailman/listinfo/isms

v2.31.3 | Report a Bug | By Email | System Status