Re: [secdir] Recurring issues found during sec review

"Salz, Rich" <rsalz@akamai.com> Tue, 23 July 2019 15:15 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1F7C120134 for <secdir@ietfa.amsl.com>; Tue, 23 Jul 2019 08:15:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id duZgDq-_PFUO for <secdir@ietfa.amsl.com>; Tue, 23 Jul 2019 08:15:53 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A96912022B for <secdir@ietf.org>; Tue, 23 Jul 2019 08:15:53 -0700 (PDT)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x6NF7Q98021461; Tue, 23 Jul 2019 16:15:45 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=BdpprmYr3sqUjfnIs0qItuTJofEf+GayumepIQ9GyLM=; b=U84fWvGVGccIWxg05aYjecSvhHJqNtHC/O8dnIP1llUWgWWIHATX4ndarAizvk0lhGMj XGIaHjs7hi5Yhh56R1+kx+smtF1rxTPHFpmdTBsTbDVUSepT/88C9lrmqe0B3vSh7+Mi A32rJuhRb5q/iioGylOHiWrYz6qBp2XdZzbFOh/Ahj/5CBio9w/5ieM9vcLqSUDbOABw BqBhvtdg8YKPRjblKrxBoqBT3++ouquSMyFVGG0y5Lcu7CfSVQg3A1E2OCgW9gfP/Nmw sFC0/hQh4TA6tQYkYYowuCKz9FxPQvjl/wORIdSVV74TKS+1yJux1Qz16x7xRI4zI082 Sg==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2twkv9b6yp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 23 Jul 2019 16:15:45 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x6NF21GB005043; Tue, 23 Jul 2019 11:15:44 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.33]) by prod-mail-ppoint1.akamai.com with ESMTP id 2twkjh46ue-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jul 2019 11:15:43 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb1.msg.corp.akamai.com (172.27.123.101) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 23 Jul 2019 11:15:43 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Tue, 23 Jul 2019 11:15:43 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Alan DeKok <aland@deployingradius.com>, Paul Wouters <paul@nohats.ca>
CC: secdir <secdir@ietf.org>
Thread-Topic: [secdir] Recurring issues found during sec review
Thread-Index: AdVBXOvbIZa03j1BSj2dTFwg8FntWAAJKEuAAAA4B4AAAcnEgP//v9MA
Date: Tue, 23 Jul 2019 15:15:42 +0000
Message-ID: <14187E3B-4436-406E-A2D6-7A514CD95925@akamai.com>
References: <359EC4B99E040048A7131E0F4E113AFC01B33E17EA@marchand> <BAB87450-CF8C-4AB2-89C6-1578C4E8C273@deployingradius.com> <alpine.LRH.2.21.1907231009140.16355@bofh.nohats.ca> <4210BF08-7564-4F9B-9E3D-2902B0351707@deployingradius.com>
In-Reply-To: <4210BF08-7564-4F9B-9E3D-2902B0351707@deployingradius.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1b.0.190715
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.34.217]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C7E10BB57680C744B19C9B1BA4D04269@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-23_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=856 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907230150
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-07-23_06:2019-07-23,2019-07-23 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 spamscore=0 mlxscore=0 priorityscore=1501 impostorscore=0 mlxlogscore=831 bulkscore=0 suspectscore=0 adultscore=0 clxscore=1011 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1904300001 definitions=main-1907230152
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/cEQQaT7h7258y5rQwtf3sfVwhcI>
Subject: Re: [secdir] Recurring issues found during sec review
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 15:15:56 -0000

    > That is, every MUST should have an obvious action for when it is
    > violated.
    
      That's a good phrasing.

I strongly disagree.  It turns every MUST into something that only the recipient must act on.  The burden of the protocol should be on both sides to act correctly, and one side should not be constrained to behave a particular way if the counter-party misbehaves. Another reason against this is that it tends to result in naïve behavior such as oracles or "name not found" being distinguished from "wrong password"