IETF Logo Mail Archive

Re: [secdir] SECDIR review of draft-ietf-ftpext2-hosts-02

Robert McMurray <robmcm@microsoft.com> Sat, 25 June 2011 01:48 UTC

Return-Path: <robmcm@microsoft.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7009711E809C; Fri, 24 Jun 2011 18:48:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.105
X-Spam-Level:
X-Spam-Status: No, score=-6.105 tagged_above=-999 required=5 tests=[AWL=-0.638, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SARE_RAND_6=2, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1OO1qOObVM1m; Fri, 24 Jun 2011 18:48:03 -0700 (PDT)
Received: from smtp.microsoft.com (mail2.microsoft.com [131.107.115.215]) by ietfa.amsl.com (Postfix) with ESMTP id 9482411E808E; Fri, 24 Jun 2011 18:48:03 -0700 (PDT)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (157.54.80.25) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Fri, 24 Jun 2011 18:48:03 -0700
Received: from DB3EHSOBE003.bigfish.com (157.54.51.112) by mail.microsoft.com (157.54.80.25) with Microsoft SMTP Server (TLS) id 14.1.289.8; Fri, 24 Jun 2011 18:48:02 -0700
Received: from mail39-db3-R.bigfish.com (10.3.81.250) by DB3EHSOBE003.bigfish.com (10.3.84.23) with Microsoft SMTP Server id 14.1.225.22; Sat, 25 Jun 2011 01:48:01 +0000
Received: from mail39-db3 (localhost.localdomain [127.0.0.1]) by mail39-db3-R.bigfish.com (Postfix) with ESMTP id C49101698072; Sat, 25 Jun 2011 01:48:00 +0000 (UTC)
X-SpamScore: -42
X-BigFish: PS-42(zz9371M111aL4015L103dK542M1dbaLzz1202h1082kzz1033IL8275bh8275dhz31h2a8h668h839h61h)
X-Spam-TCS-SCL: 0:0
X-Forefront-Antispam-Report: CIP:157.55.61.146; KIP:(null); UIP:(null); IPV:SKI; H:CH1PRD0302HT003.namprd03.prod.outlook.com; R:internal; EFV:INT
Received-SPF: softfail (mail39-db3: transitioning domain of microsoft.com does not designate 157.55.61.146 as permitted sender) client-ip=157.55.61.146; envelope-from=robmcm@microsoft.com; helo=CH1PRD0302HT003.namprd03.prod.outlook.com ; .outlook.com ;
Received: from mail39-db3 (localhost.localdomain [127.0.0.1]) by mail39-db3 (MessageSwitch) id 1308966480534982_3130; Sat, 25 Jun 2011 01:48:00 +0000 (UTC)
Received: from DB3EHSMHS003.bigfish.com (unknown [10.3.81.240]) by mail39-db3.bigfish.com (Postfix) with ESMTP id 7D63F110012; Sat, 25 Jun 2011 01:48:00 +0000 (UTC)
Received: from CH1PRD0302HT003.namprd03.prod.outlook.com (157.55.61.146) by DB3EHSMHS003.bigfish.com (10.3.87.103) with Microsoft SMTP Server (TLS) id 14.1.225.22; Sat, 25 Jun 2011 01:48:00 +0000
Received: from CH1PRD0302MB131.namprd03.prod.outlook.com ([169.254.11.234]) by CH1PRD0302HT003.namprd03.prod.outlook.com ([10.28.28.161]) with mapi id 14.01.0225.056; Sat, 25 Jun 2011 01:47:58 +0000
From: Robert McMurray <robmcm@microsoft.com>
To: "kathleen.moriarty@emc.com" <kathleen.moriarty@emc.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ftpext2-hosts.all@tools.ietf.org" <draft-ietf-ftpext2-hosts.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Thread-Topic: SECDIR review of draft-ietf-ftpext2-hosts-02
Thread-Index: AcwyiBUFO2skqoQCSLqk+KSpXVMV4QADvEhgAAyN90AAAphKUA==
Date: Sat, 25 Jun 2011 01:47:58 +0000
Message-ID: <01AA9EC92749BF4894AC2B3039EA4A2C1949DC3F@CH1PRD0302MB131.namprd03.prod.outlook.com>
References: <AE31510960917D478171C79369B660FA0E0325300F@MX06A.corp.emc.com> <01AA9EC92749BF4894AC2B3039EA4A2C1949D137@CH1PRD0302MB131.namprd03.prod.outlook.com> <AE31510960917D478171C79369B660FA0E032531B8@MX06A.corp.emc.com>
In-Reply-To: <AE31510960917D478171C79369B660FA0E032531B8@MX06A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.28.29.69]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OrganizationHeadersPreserved: CH1PRD0302HT003.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%EMC.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%TOOLS.IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%HETHMON.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%GMAIL.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-OriginatorOrg: microsoft.com
X-CrossPremisesHeadersPromoted: TK5EX14HUBC104.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14HUBC104.redmond.corp.microsoft.com
Cc: "phethmon@hethmon.com" <phethmon@hethmon.com>, "anthonybryan@gmail.com" <anthonybryan@gmail.com>
Subject: Re: [secdir] SECDIR review of draft-ietf-ftpext2-hosts-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jun 2011 01:48:04 -0000

Thanks, Kathleen.

At the protocol level I am only concerned that the security environment is reset; how the environment is created and reset is implementation-specific. So my intention was to highlight as a security consideration that an implementer should be aware that they might have work to do in this scenario, but the details are up to them. With that in mind, what do you think of this rewording for that section?

"As discussed in section 3.3 of this document, a server implementation MAY treat a HOST command that was sent after a user has been authenticated as though a REIN command was sent. In this scenario, the server implementation SHOULD reset the authentication environment, as that would allow for segregation between the security environments for each virtual host on an FTP server. The implementation details for security environments may vary greatly based on the requirements of each server implementation and operating system, and those details are outside the scope of the protocol itself. For example, a virtual host "foo.example.com" on an FTP server might use a specific username and password list, while the virtual host "bar.example.com" on the same FTP server might use a different username and password list. In such a scenario, resetting the security environment is necessary for the virtual servers to appear to behave independently from a client perspective, while the actual server implementation details are irrelevant at the protocol level."

Thanks again!
Robert

-----Original Message-----
From: kathleen.moriarty@emc.com [mailto:kathleen.moriarty@emc.com] 
Sent: Friday, June 24, 2011 4:53 PM
To: Robert McMurray; secdir@ietf.org; draft-ietf-ftpext2-hosts.all@tools.ietf.org; iesg@ietf.org
Cc: phethmon@hethmon.com; anthonybryan@gmail.com
Subject: RE: SECDIR review of draft-ietf-ftpext2-hosts-02

Hi, Robert.

Thank you for making the updates.  I think the change for section 3.2 looks good, thanks!

As for the security considerations, the ADs may have an opinion here as well.  My thought process is that if you are concerned about the environment that the user authenticates into, wouldn't the environment itself be a concern as well?  The authentication consideration is to ensure the user gets authenticated into the right environment.  If there is no segregation available between environments, that would be a security consideration.  If that varies between OSes, that would be a consideration as well.  You might not have to detail it out, but it should be stated as a consideration as this may not be a solution possible in a number of use cases.

Thank you,
Kathleen

v2.23.0 | Report a Bug | By Email