Re: [secdir] SECDIR Review of draft-ietf-qresync-rfc5162bis-10

Jeffrey Hutzelman <jhutz@cmu.edu> Fri, 14 February 2014 02:30 UTC

From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Phillip Hallam-Baker <hallam@gmail.com>
Date: Thu, 13 Feb 2014 21:30:49 -0500
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/ZbXNHahW3GzxkVP74RZlfqSzDh8
Cc: "secdir@ietf.org" <secdir@ietf.org>, jhutz@cmu.edu

On Thu, 2014-02-13 at 21:20 -0500, Phillip Hallam-Baker wrote:

> There is a problem in that it does not state what the attack model is. It
> seems as if the attack model is limited to a passive attack.

Not at all.  It's just a 10+ year old document that doesn't spell things
out very well.

> If there is an active MITM attack, SSL will only provide protection if the
> server certificate is authenticated. Otherwise, passing the username and
> password en clair is problematic.

Indeed.  Section 11.1 goes into a fair amount of detail about verifying
the server hostname found in the certificate, but says nothing about
validation of the certificate itself.  This is an omission which I like
to think the IETF has been more careful about in more recent documents.

At the time, I think it was somehow assumed that if you used TLS then
_of course_ you would do certificate validation, and in fact probably
your TLS library would do it for you.  Again, these days I like to think
we know better.

In any case, if you think it's worth spending time on a better treatment
of security considerations for IMAP, feel free.  I have no time for
that, and Tero is breathing down my neck about old reviews I still
haven't done. :-(


-- Jeff
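
The distinction this message draws between matching the hostname in the certificate and validating the certificate itself, shown as an added example that is not part of the original e-mail or of the draft under review. It uses Python's standard `ssl` and `imaplib` modules; the function names are this example's own, and `open_imap` assumes implicit TLS on port 993.

```python
import imaplib
import ssl


def weak_context():
    """Encrypts only: an active MITM can present any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # certificate chain is never validated
    return ctx


def strict_context():
    """Chain validation against the system trust store plus hostname match."""
    return ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True


def audit(ctx):
    """Return the server-authentication checks this context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def hostname_only_allowed():
    """Try to keep the hostname check while dropping chain validation."""
    ctx = ssl.create_default_context()
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return False  # the ssl module refuses this combination
    return True


def open_imap(host, ctx):
    """Connect for login only if the context authenticates the server."""
    problems = audit(ctx)
    if problems:
        raise ValueError("refusing to send credentials: " + "; ".join(problems))
    return imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)


if __name__ == "__main__":
    print("weak:", audit(weak_context()))
    print("strict:", audit(strict_context()))
    print("hostname check without validation allowed:", hostname_only_allowed())
```

Python's `ssl` module rejects a hostname check on an unvalidated certificate, since the name in a certificate nobody has validated proves nothing about the peer.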