Re: [secdir] Secdir early review of draft-ietf-taps-interface-13
Sean Turner <sean@sn3rd.com> Thu, 09 December 2021 05:14 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06D4B3A0E49 for <secdir@ietfa.amsl.com>; Wed, 8 Dec 2021 21:14:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D1EteRsnUyr6 for <secdir@ietfa.amsl.com>; Wed, 8 Dec 2021 21:14:08 -0800 (PST)
Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com [IPv6:2607:f8b0:4864:20::836]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09EBD3A0E4A for <secdir@ietf.org>; Wed, 8 Dec 2021 21:14:07 -0800 (PST)
Received: by mail-qt1-x836.google.com with SMTP id t11so4338028qtw.3 for <secdir@ietf.org>; Wed, 08 Dec 2021 21:14:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=7d1Fr5OPGHl6B85vKafkJKyJRdDbNzrCgNoWlno9DOk=; b=KYzcLIcX5rCzct2qz0VJs9wNSZ0ZrPWKm83ay/FJWL7gK21TVmQoqOr1gxF3+EGIdy 4DaC929RROsq7nfRaO7o9N0QvCUxn5SfMzcEqWzVEyzCaY+m4+D0V67+frTNgkBYIivT f+xcG2dWzxq7T+BmEtnu8Ga/oqgks65vpHxsQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=7d1Fr5OPGHl6B85vKafkJKyJRdDbNzrCgNoWlno9DOk=; b=6LeAvpSpja1bddCWT8kvOQsqL4vBxB79yn/1bPmuRQv9AgGyp2pT3mqalCxcNfMjSu R1Ao1VK4/tKJdxO937AI+dpFD8k53Vql2STpWbmeLdR3NC1UB+B2aw3lAjUmLx2d1Uxe RcSRH+y3wQNRd0JSFwkd3MOJXpcuWkIXre9GNw4y6rXFm6IHzzPcldJ8ibmX5K3+nC7/ nwArRiBa9BiAwXg9U/XVeQdqu0P6PYhw4zeS1KGA3Ksu/Ema+9E4yWQwgYltUSKrrIpF dYIT9crwdYuPLEkjg2vfxhGltCnW6Jo7sehOKTg3koTy6pKxyCsPtabHnzy7x1SLWzVm yIAw==
X-Gm-Message-State: AOAM533k6spx8HhV9RsDQ90I6C8whMZ6YbpZTmzpyuOWt26JVbG8WHaY 46083IEN1qYTPsVgZHkE8cYdEGUz3sBbdQ==
X-Google-Smtp-Source: ABdhPJyGYBCNi/3aXiSPCHhgsYFkbRyKzfZvmLUz7E+Z0LqrT6alwQatgqUspWsi7Gug2UxfBsbA2w==
X-Received: by 2002:a05:622a:11c9:: with SMTP id n9mr14289189qtk.385.1639026845635; Wed, 08 Dec 2021 21:14:05 -0800 (PST)
Received: from smtpclient.apple (pool-71-178-177-131.washdc.fios.verizon.net. [71.178.177.131]) by smtp.gmail.com with ESMTPSA id i23sm2406372qkl.101.2021.12.08.21.14.04 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 Dec 2021 21:14:04 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <163469775639.5436.17223656477070371812@ietfa.amsl.com>
Date: Thu, 09 Dec 2021 00:14:03 -0500
Cc: secdir@ietf.org, taps@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <DAB0D80E-7388-475D-A72F-6CA5928D8547@sn3rd.com>
References: <163469775639.5436.17223656477070371812@ietfa.amsl.com>
To: draft-ietf-taps-interface.all@ietf.org
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/eg1freo1kVMj3nAg-iXKqOO8u-E>
Subject: Re: [secdir] Secdir early review of draft-ietf-taps-interface-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2021 05:14:13 -0000
I went ahead and submitted Issues/PRs for these. Note that some were addressed by other merged PRs, some I reconsidered and withdrew as comments, and some I revised after re-reading them. And, I came up with a new one about whether the PSK modes need to be included in s6.3.1: https://github.com/ietf-tapswg/api-drafts/issues/999 Cheers, spt > On Oct 19, 2021, at 22:42, Sean Turner via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Sean Turner > Review result: Has Issues > > This is an early sector review. Based on the ARTART early reviews of this I-D > and the -arch I-D, there is no doubt going to need to be another review after > the authors get done restructuring both I-Ds. > > BTW: Theresa thank you for the heads up about that restructuring. It forced me > to read the -arch and -impl I-Ds, but that probably helped me not make silly > requests of the authors/WG. > > tl;dr: I picked "has issues" knowing there is a rewrite on the way and I would > like to reserve final judgement until then. > > I apologize upfront because I am going to ramble a bit before I get to the > specifics: > > The taps I-Ds are about “a protocol-independent Transport Services Application > Programming Interface (API).” I took a pretty liberal approach when reviewing > this I-D from a security perspective because these I-Ds are somewhat different > than the “normal” protocol I-Ds. As noted in the -arch I-D: these I-Ds do not > specify “specific protocols or algorithms” … gasp. But, that’s probably okay in > this context. > > I wondered what you would say about an API: > - Apps need to use the API properly! check: see -arch I-D > - Implementation/Library needs to be from trust source! check: see -interface > I-D - Apps need to use the right keys at the right time! check: see -arch I-D - > Avoid fallback/downgrade to insecure protocols! check: see -arch I-D and -impl > I-D - Deal with 0-RTT! check: see -impl I-D - Address privacy aspects! check: > see -interface I-D > > I mean maybe you could add something about: > > - randomness for keys - but that better already be in the security protocol > specifications so I do not think it is absolutely needed here. > > - following good programming techniques - but I am not sure where you would > point nor whether it really makes sense to do so. > > I think I found what I was looking for is somewhere in the stack of I-Ds. Am I > worried somebody can implement this wrong. Sure. But, not any more than I would > be for any other protocol. > > Now on to the specifics: > > NOTE: I tried not repeat anything from the ARTART review. > > 0) s6: maybe this wording would be better? > > For these two sentences are you trying to say that MUST else if? > > OLD: At least one Local Endpoint MUST be specified if the Preconnection is > used to Listen() for incoming Connections, but the list of Local > Endpoints MAY be empty if the Preconnection is used to Initiate() > connections. > > NEW: At least one Remote Endpoint MUST > be specified if the Preconnection is used to Initiate() Connections, > but the list of Remote Endpoints MAY be empty if the Preconnection is > used to Listen() for incoming Connections https://github.com/ietf-tapswg/api-drafts/issues/973 > 1) s6.3.1 I know this is an example, but can we replace: > > SecurityParameters.Set(supported-group, "secp256k1") > > with > > SecurityParameters.Set(supported-group, "secp256r1") > > r1 the current MTI for TLS. k1 is for bitcoin :) > > Or, is this where I get a bitcoin because I caught the shiny object? :) https://github.com/ietf-tapswg/api-drafts/issues/975 > 2) s6.3.2: Is this like checking the certificate status? https://github.com/ietf-tapswg/api-drafts/issues/977 > 3) s8.1.1- I read this definition a bunch. Are there two special values? The > Type line says “Full Coverage” is special, but then the description says “0” is > special too. Maybe look at s91.3.6 for inspiration? https://github.com/ietf-tapswg/api-drafts/issues/978 > 4) s8.1.2: Any reason it’s not called connPriority? Seems arbitrary to drop the > end of the word when connTimeout is even longer. https://github.com/ietf-tapswg/api-drafts/issues/979 > 5) s8.1.2-should “Type” line also include (non-negative) like s8.1.1 and > s9.1.3.2 do? https://github.com/ietf-tapswg/api-drafts/issues/981 > 6) s8.1.3/.4: The Numeric values specifies seconds, minutes, hours, or > millennia? https://github.com/ietf-tapswg/api-drafts/issues/983 > 7) s8.1.6: don’t you need to specify the Type? I guess Enumeration is what > you’re after? https://github.com/ietf-tapswg/api-drafts/issues/984 > 8) s8.1.11.2/.3/.4: Are these sizes in bytes too like 8.1.11.1? https://github.com/ietf-tapswg/api-drafts/issues/986 > 9) s8.2.1: RFC 5482 allows granularity of minutes or seconds don’t you need to > say which it is here? https://github.com/ietf-tapswg/api-drafts/issues/988 > 10) s8.2.2: Is there some reason it’s not called tcp.userTimeoutEnabled? https://github.com/ietf-tapswg/api-drafts/issues/989 > 11) s8.2.3: Is there some reason it’s not called tcp.userTimeoutChangable? https://github.com/ietf-tapswg/api-drafts/issues/991 > 12) s9.1.3.2: Why 100? https://github.com/ietf-tapswg/api-drafts/issues/993 > 13) s9.1.3.2: Why shorten to msrPrio when msgOrdered is almost as long and > safelyReplayable is longer? https://github.com/ietf-tapswg/api-drafts/issues/994 > 14) A.1: Could the caution about freeing memory be generalized? https://github.com/ietf-tapswg/api-drafts/issues/996 > 15) What follows are the I-D nits references to check. Some of these might be > on purpose: > > == Outdated reference: A later version (-11) exists of > draft-ietf-taps-arch-10 > > ** Obsolete normative reference: RFC 4941 (Obsoleted by RFC 8981) > > == Outdated reference: A later version (-06) exists of > draft-ietf-httpbis-priority-03 > > == Outdated reference: A later version (-10) exists of > draft-ietf-taps-impl-09 > > -- Obsolete informational reference (is this intentional?): RFC 5245 > (Obsoleted by RFC 8445, RFC 8839) > > -- Obsolete informational reference (is this intentional?): RFC 5766 > (Obsoleted by RFC 8656) https://github.com/ietf-tapswg/api-drafts/issues/997 > _______________________________________________ > secdir mailing list > secdir@ietf.org > https://www.ietf.org/mailman/listinfo/secdir > wiki: https://trac.ietf.org/trac/sec/wiki/SecDirReview
- [secdir] Secdir early review of draft-ietf-taps-i… Sean Turner via Datatracker
- Re: [secdir] Secdir early review of draft-ietf-ta… Benjamin Kaduk
- Re: [secdir] Secdir early review of draft-ietf-ta… Sean Turner