Re: [secdir] Writing Security Considerations

Yoav Nir <ynir.ietf@gmail.com> Thu, 27 June 2019 04:33 UTC

Cc: secdir <secdir@ietf.org>
To: Vincent Roca <vincent.roca@inria.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/dpfKjZ9hbq_rQRTgpFr0YSFr3L8>

Hi, Vincent.

Thanks, but I don’t know what kind of lesson there is in this for the general RFC-writing audience.

Always call out when you have internal length fields because that can be done dangerously in C?

I think mis-handling length fields has been an issue with protocols as long as protocols have been implemented.

Yoav

> On 26 Jun 2019, at 9:57, Vincent Roca <vincent.roca@inria.fr> wrote:
> 
> Hello Yoav and Linda,
> 
> Good initiative.
> 
> Since you’re looking for stories, here is a proposal, rooted in real life.
> RFC6520 (https://tools.ietf.org/html/rfc6520) on TLS heartbeat extension has a pretty simple security considerations section: it says 
> it does not introduce any new security consideration and it refers to two existing RFCs.
> 
> We all know this TLS heartbeat extension has been the cause of the famous Heartbleed OpenSSL vulnerability and associated attack.
> Of course the major problem comes from an erroneous implementation of the mechanism in OpenSSL:
> https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
> 
> The goal is not to blame anybody in person, especially as the RFC describes what should be done to prevent any problem.
> But I also think this is a document where we all (i.e., authors/secdir/IESG) should have highlighted the associated risk of badly
> implementing the response message in the Security Considerations section. As always in such a situation, it’s easier to say afterwards!
> 
> I think there is a way to say that in a positive way (lessons learned) and tell an interesting story many people heard about without knowing
> the details.
> 
> Cheers,
> 
>   Vincent
> 
> 
>> On 25 June 2019, at 20:57, Yoav Nir <ynir.ietf@gmail.com> wrote:
>> 
>> Hi, all
>> 
>> If you’ve had a look at the draft agenda (https://datatracker.ietf.org/meeting/105/agenda.html), we have a Writing Security Considerations tutorial on Sunday, which Linda Dunbar and I will be doing.
>> 
>> The idea is to get people writing drafts to know what they should do for a smooth interaction with us SecDir people.
>> 
>> The slides do not exist yet, but we have a rough outline on github: https://github.com/IETF-SAAG/SecurityConsiderationsTutorial
>> 
>> So if there’s missing or wrong stuff, we’d like to hear about it, preferably in the form of PRs.
>> 
>> But most of all, we’re looking for more examples in the examples page: https://github.com/IETF-SAAG/SecurityConsiderationsTutorial/blob/master/examples.md
>> 
>> So any horror story, war story, stuff that’s terribly wrong, or even something that’s surprisingly right will be welcome.
>> 
>> Thanks in advance
>> 
>> Linda & Yoav
>> 
>