Re: [secdir] Recurring issues found during sec review
Paul Wouters <paul@nohats.ca> Tue, 23 July 2019 15:33 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C9E5120423 for <secdir@ietfa.amsl.com>; Tue, 23 Jul 2019 08:33:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3O_Syzgc4RmD for <secdir@ietfa.amsl.com>; Tue, 23 Jul 2019 08:33:25 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D6D5120383 for <secdir@ietf.org>; Tue, 23 Jul 2019 08:33:25 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 45tMv64jdTz5B7 for <secdir@ietf.org>; Tue, 23 Jul 2019 17:33:22 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1563896002; bh=p/NBWZxQgZIOdosWYC9R3x7X+m/y5HZ/yq5CzXhpGRQ=; h=Date:From:To:Subject:In-Reply-To:References; b=kuymZWXsJaDTJGnISlL5K/5D3MxK7sFYXSJ7xfxFvgPyd6O1Fz1+nbpDmExU8xQlZ fY3JQNzsg08aHyldPpHyDJLpYWLDZcAuZHWTxqHfPFt/7Ul0TX9UbSvxqFPsWAIV7A 0P+3HwFDKI9f3k9VWvVTUAdEDmhf1o6vZ8bb0JaA=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id RY0pfW2uB_P1 for <secdir@ietf.org>; Tue, 23 Jul 2019 17:33:20 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS for <secdir@ietf.org>; Tue, 23 Jul 2019 17:33:19 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 9D4943159D2; Tue, 23 Jul 2019 11:33:18 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 9D4943159D2
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 96A4B406FE60 for <secdir@ietf.org>; Tue, 23 Jul 2019 11:33:18 -0400 (EDT)
Date: Tue, 23 Jul 2019 11:33:18 -0400
From: Paul Wouters <paul@nohats.ca>
To: secdir <secdir@ietf.org>
In-Reply-To: <14187E3B-4436-406E-A2D6-7A514CD95925@akamai.com>
Message-ID: <alpine.LRH.2.21.1907231120530.16355@bofh.nohats.ca>
References: <359EC4B99E040048A7131E0F4E113AFC01B33E17EA@marchand> <BAB87450-CF8C-4AB2-89C6-1578C4E8C273@deployingradius.com> <alpine.LRH.2.21.1907231009140.16355@bofh.nohats.ca> <4210BF08-7564-4F9B-9E3D-2902B0351707@deployingradius.com> <14187E3B-4436-406E-A2D6-7A514CD95925@akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/dV8od-7qDRldHiqQJ4kTHNOXVU8>
Subject: Re: [secdir] Recurring issues found during sec review
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 15:33:37 -0000
On Tue, 23 Jul 2019, Salz, Rich wrote: > > That is, every MUST should have an obvious action for when it is > > violated. > > That's a good phrasing. > > I strongly disagree. It turns every MUST into something that only the recipient must act on. Unless it is MUST ignore ? > The burden of the protocol should be on both sides to act correctly Indeed, the document would already state not to send malformed data. But the responder/server will be the endpoint dealing with those violations. > , and one side should not be constrained to behave a particular way if the counter-party misbehaves. Another reason against this is that it tends to result in naïve behavior such as oracles or "name not found" being distinguished from "wrong password" I think we are not saying different things. If the action of a MUST is not obvious (eg drop packet), and there are security issues into giving too specific error codes as the example you bring up, it is precisely why the document should tell you what to do. I'm not saying every MUST must have a specific and immediate sentence following saying what to do. For example, IKEv2 has a very limited set of error codes specifically to cover your concern here. INVALID_SYNTAX, AUTHENTICATION_FAILED and NO_PROPOSAL_CHOSEN. With the latter one being the kitchen sink of errors. Paul
- [secdir] Recurring issues found during sec review Roman Danyliw
- Re: [secdir] Recurring issues found during sec re… Alan DeKok
- Re: [secdir] Recurring issues found during sec re… Paul Wouters
- Re: [secdir] Recurring issues found during sec re… Russ Housley
- Re: [secdir] Recurring issues found during sec re… Alan DeKok
- Re: [secdir] Recurring issues found during sec re… Salz, Rich
- Re: [secdir] Recurring issues found during sec re… Paul Wouters
- Re: [secdir] Recurring issues found during sec re… Salz, Rich
- Re: [secdir] Recurring issues found during sec re… Alan DeKok