Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-sidrops-signed-tal-15
Job Snijders <job@fastly.com> Mon, 29 April 2024 22:38 UTC
Return-Path: <job@fastly.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE870C151071 for <secdir@ietfa.amsl.com>; Mon, 29 Apr 2024 15:38:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tnSZp5REqbBm for <secdir@ietfa.amsl.com>; Mon, 29 Apr 2024 15:38:04 -0700 (PDT)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 911C5C151087 for <secdir@ietf.org>; Mon, 29 Apr 2024 15:38:04 -0700 (PDT)
Received: by mail-lj1-x22b.google.com with SMTP id 38308e7fff4ca-2db13ca0363so80552941fa.3 for <secdir@ietf.org>; Mon, 29 Apr 2024 15:38:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; t=1714430282; x=1715035082; darn=ietf.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=dcE3wWS9X72KOHAX+BFHlCrq12GM16ud6zGYLzah3NA=; b=Js8QievIC7R8NaMQofItTWztQq/MbwC5aFjRzRabQYh8ZGLZWQ9iOVec+W5Y5MzceQ MWI0RX1Oar4FbtK0JXpSMW3vf1aRi+X0lEyfoU86rzjjaNYfb6BzsKHevUHvFWlO8el/ firWCKOveKGRoMzTVsWMm+AnfFeR2apaLNK2I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714430282; x=1715035082; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=dcE3wWS9X72KOHAX+BFHlCrq12GM16ud6zGYLzah3NA=; b=XHo9Su0q+IXnllxoQwUWiCfUrr29EPwG4srcOHj52kEUg4duqUQNu3qZpY+etSBOYO VsOVO5htxzq72+XsPaToRydGgj4rCQqAVvuQrf8Snfz7LSb6Uz2dfHuNIreJfnAoT6WP 5QcZzZLdPHK63uKSftNIJP6OrQL0F20KnlfMf8fs6wkn9VjpaeVsx396QwEOx++E0WKX 5f89+LUEdC/a42bFOqnRCpEXft/IehKlri6Je/jpUsu2VnlKj7XeCSayw0KE5svJf2I4 MZ0xejxxJzMzm5Hd+kSamZ8Mw+20xudnI8xESHHTghxmg9PQYaqsNxNE+fFrwOr8KY+7 8H5g==
X-Gm-Message-State: AOJu0YxZvFqRWltppL4gCrpNMrhViy5tIo90U63XSEKXgI5KZowSCu05 +ppe6bVKDMj2RbH7PRNSXwXLLKDWT/+4s+6Ah/4fZ5VPWHAOXAODMNpgwkC07H0=
X-Google-Smtp-Source: AGHT+IEcl4hm9AV2Io2iC929r36OqRsksx2jWfvSuRvb6Kr5eDBPgdHOg0AS7uIpOwqRPheYGmn8vA==
X-Received: by 2002:a2e:9049:0:b0:2e0:da20:2502 with SMTP id n9-20020a2e9049000000b002e0da202502mr881733ljg.49.1714430282158; Mon, 29 Apr 2024 15:38:02 -0700 (PDT)
Received: from snel ([2a10:3781:276:3:16f6:d8ff:fe47:2eb7]) by smtp.gmail.com with ESMTPSA id a7-20020a170906670700b00a522bef9f06sm14309391ejp.181.2024.04.29.15.38.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Apr 2024 15:38:01 -0700 (PDT)
Date: Tue, 30 Apr 2024 00:38:00 +0200
From: Job Snijders <job@fastly.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: secdir@ietf.org, draft-ietf-sidrops-signed-tal.all@ietf.org, last-call@ietf.org, sidrops@ietf.org
Message-ID: <ZjAhSFBTH9sNpl4I@snel>
References: <171442952696.63549.6319326090085522331@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <171442952696.63549.6319326090085522331@ietfa.amsl.com>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/YZ2p3vprfOUMDY-TregOplyDsPE>
Subject: Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-sidrops-signed-tal-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2024 22:38:09 -0000
Dear Linda, On Mon, Apr 29, 2024 at 03:25:26PM -0700, Linda Dunbar via Datatracker wrote: > Summary: This document introduces an in-band notification of Key > Updates for notifying RPs of the updates to a Trust Anchor Locator > (TAL) and distribution of TAL Data via TAK Objects. yes, that's a good summary. > While this in-band notification allows for more dynamic management of > keys and helps ensure RPs are aware of key rollovers, it introduces a > single point of failure. TAK objects don't introduce a single point of failure. In fact, the Signed TAL mechanism introduces *additional* means of communicating updates about new TALs to the RP community (in addition to email, websites, github pull requests, social media, etc) - with the primary advantage that TAK object are signed with signatures verifyable within the RPKI context itself. > Suggest to add some description in the Security Consideration on what > happens when the in-band mechanism is compromised. In the RPKI hierarchical context, a Trust Anchor is an authority for which trust is assumed and not derived. "Assuming trust" means that violation of that trust is out-of-scope for the threat model. The relationship from the RP to the Trust Anchor and from there to the Trust Anchor Key is one of such "assumed trust" arcs. The signed-tal draft does nothing to improve or worsen the situation related to in-band mechanisms being compromised. TAK objects cannot be used to repair compromised in-band mechanisms, nor prevent compromise. Perhaps it is helpful to imagine the use-cases for TAK objects being more in the mundane: facilitating a change of URLs, or a keyrollover to a new cipher algorithm. Hope this clarifies a bit! Kind regards, Job
- Re: [secdir] [Last-Call] Secdir last call review … Job Snijders
- [secdir] Secdir last call review of draft-ietf-si… Linda Dunbar via Datatracker
- Re: [secdir] [Last-Call] Secdir last call review … Linda Dunbar
- Re: [secdir] [Sidrops] [Last-Call] Secdir last ca… Tom Harrison
- [secdir] Re: [Sidrops] [Last-Call] Secdir last ca… Linda Dunbar