Re: [secdir] Secdir review of draft-ietf-intarea-broadcast-consider-07
Rolf Winter <rolf.winter@hs-augsburg.de> Fri, 19 January 2018 15:20 UTC
Return-Path: <rolf.winter@hs-augsburg.de>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 639C212D964; Fri, 19 Jan 2018 07:20:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.13
X-Spam-Level:
X-Spam-Status: No, score=-1.13 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 50AfmYBbqsMj; Fri, 19 Jan 2018 07:20:05 -0800 (PST)
Received: from fly1.rz.hs-augsburg.de (fly1.RZ.HS-Augsburg.DE [IPv6:2001:638:102:201::11:25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7736F12D958; Fri, 19 Jan 2018 07:20:05 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by fly1.rz.hs-augsburg.de (Postfix) with ESMTP id 2820740B82; Fri, 19 Jan 2018 16:19:55 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at hs-augsburg.de
Received: from fly1.rz.hs-augsburg.de ([127.0.0.1]) by localhost (fly1.rz.hs-augsburg.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id S_ZLEE9J0TfD; Fri, 19 Jan 2018 16:19:54 +0100 (CET)
Received: from [192.168.1.148] (nightswatch.informatik.hs-augsburg.de [141.82.79.79]) by fly1.rz.hs-augsburg.de (Postfix) with ESMTPSA id 413904098C; Fri, 19 Jan 2018 16:19:54 +0100 (CET)
To: Vincent Roca <vincent.roca@inria.fr>, IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-intarea-broadcast-consider.all@ietf.org
References: <383EA7C8-CFF0-48AF-AD0C-840545483E94@inria.fr> <80beb32b-35fe-9a2d-e951-037a34d81a5f@hs-augsburg.de> <50006956-2D5C-49F9-8CA8-ACBEC2B266F1@inria.fr> <1A4312A1-16CA-4BC9-BDEB-FDF0E33CF1FA@inria.fr>
From: Rolf Winter <rolf.winter@hs-augsburg.de>
Message-ID: <ada774f9-f2d3-938f-5c98-f058074869d6@hs-augsburg.de>
Date: Fri, 19 Jan 2018 16:20:01 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <1A4312A1-16CA-4BC9-BDEB-FDF0E33CF1FA@inria.fr>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/f3Bcz1yKlE-g9awhfHSjKvMWOR8>
Subject: Re: [secdir] Secdir review of draft-ietf-intarea-broadcast-consider-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jan 2018 15:20:09 -0000
Hi Vincent, we have not forgotten about this point. You say about the text that: "It suggests that because it’s difficult, it won’t be used. This is not the message the I-D should carry." The reality today is, that it is not used, even for IETF-specified protocols it is mostly not specified. We still think about a good way to phrase it without making a point about this and then having to admit that the IETF itself has failed at doing it, which would be hypocitical. Best, Rolf Am 19.01.18 um 16:10 schrieb Vincent Roca: > This is a re-review. My answer below, sent on Jan. 16th, also applies > to version -07. > > Summary: *Almost r**eady* > > Most of my initial comments have been addressed by the authors. > > I made a few suggestions/clarifications (below), in addition to my > initial review. > > I would insist on implementing the first one, 2), beginning with: > "I’d like you extend a little the the bullet (b) of introduction: … » > > but let the authors judge what they prefer to do for the next ones. > > Regards, > > Vincent > > > >> Le 16 janv. 2018 à 09:50, Vincent Roca <vincent.roca@inria.fr >> <mailto:vincent.roca@inria.fr>> a écrit : >> >> Hello Rolf, >> >>> thanks for the detailed review and sorry for the belated reply. We >>> have submitted a new version based on these comments and >>> recommendations. Please see inline: >> >> You’re welcome. >> >>>> 2) Another point: I'd like to see the item (b) of introduction >>>> developed as this is the key issue with multicast/broadcast traffic. >>>> Without encryption, application messages are vulnerable to >>>> eavesdropping and all kinds of analyses. A group key could be >>>> negociated and used for encrypting this traffic, but this requires a >>>> more complex setup mechanism (typically a key management system, >>>> probably with re-keying and all the stuff) and requires a preliminary >>>> association of a terminal that is not necessarily compatible with the >>>> application-layer protocol features. >>>> The text could say that if possible, multicast/broadcast traffic >>>> encryption should be used, otherwise risks should be minimised as >>>> discussed in this document. And of course, it's always good to remind >>>> the designers that unicast traffic should be always encrypted since >>>> there's no good reason not to do that. >>> >>> >>> We talk about this in the security considerations section and come to >>> the same conclusion as you do: >>> >>> "It should be noted that certain applications could make use of >>> existing mechanisms to protect multicast traffic such as the ones >>> defined in [RFC5374]. Examples of such applications can be found in >>> Appendix A. of [RFC5374]. Given the required infrastructure and >>> assumptions about these applications and the security infrastructure, >>> many applications will not be able to make use of such mechanisms." >>> >>> In which way would you expand on this? >> >> I’d like you extend a little the the bullet (b) of introduction: >> (b) Encryption is more difficult when broadcast/multicast messages, >> leaving content of these messages in the clear and making it >> easier to spoof and replay them. >> It suggests that because it’s difficult, it won’t be used. This is not the >> message the I-D should carry. It’s difficult (add a reference here), sure, >> but not impossible. You can also briefly explain why it’s more >> difficult with >> multicast/broadcast. >> >> >>>> 3) I'd like to suggest another recommendation: when applicable, limit >>>> or avoid user-originated broadcast/multicast messages, preferring >>>> infrastructure originated messages. >>>> An example: in a discovery mechanism, avoid terminal sollicitation as >>>> much as possible and limit oneself to infrastructure announcement >>>> broadcast messages, even if it can include some extra delay (controled >>>> with the announcement frequency). This is exactly what happened in >>>> Wifi AP discovery, where the passive discovery scheme, AP based, is >>>> now prefered to the active scheme. >>>> Said differently, multicast/broadcast is not per se the issue, when >>>> originating from the infrastructure it is generaly safe. >>> >>> I think I disagree somewhat (and it is not a generally applicable use >>> case, e.g. if resources on a host are offered there is no general way >>> to delegate announcements of these to the infrastructure). Saying >>> that infrastructure announcements are generally safe requires that a >>> receiver can validate that a message came from the infrastructure >>> which is a problem (e.g. rogue DHCP servers). A lot of deployments >>> solve some of this through infrastructure means (e.g. DHCP snooping), >>> but we have documented that. Also, whatever comes from the >>> infrastructure requires a standard so that devices/apps understand >>> it. We have text around that, too. >> >> Let me clarify what I had in mind. A few years ago, discovery of a >> known WiFi AP >> from a device was accelerated through the use of an active mechanism, >> with the >> device sending probes to potentially detects those know WiFi APs. That was >> awful from a privacy point of view as highlighted by researchers. The >> trend was to >> move to a passive approach, relying mostly on AP announcements (in >> addition to >> MAC address randomisation). The privacy benefits while doing so are >> terrible. >> See e.g., my colleague Mathieu publication on the topic: >> https://hal.inria.fr/hal-00747825 >> This is perfectly in line with your I-D. How privacy can be >> compromised by using >> a broadcast based protocol. >> >> Having said that, I agree with you that rogue announcements raise >> security concerns >> (but that’s true for any message sent), and it does not work for >> resources offered by >> a host. I agree, this is not a universal approach. I let you judge >> whether it makes sense >> to talk about it or not. >> >> >>>> 4) A more general comment, related to item (a) of intro: >>>> Broadcast/multicast can simplify user surveillance, I agree. However, >>>> when I'm looking at all the practicies of companies working in the >>>> advertising area (in particular A&A companies, sitting between >>>> smartphone users and advertisers, domain that I know a little bit), >>>> the techniques deployed are incredibly smart, some of them bypassing >>>> technical protections set up by the OS manufacturers, others relying >>>> on hidden technical features. It's impressive how inventive those >>>> companies can be. >>>> My point is that even if traffic is 100% unicast, as long as a >>>> wireless medium is used, anyone wanting to monitor users in order to >>>> profile them will set up the required hardware/software configuration. >>>> This is trivial and extremely cheap nowadays (except perhaps for 4G >>>> connections), and most of the time this is a purely passive >>>> monitoring. The unicast/multicast/broadcast nature of traffic has no >>>> importance as long as you are within wireless network range. >>> >>> >>> I think there is little that the IETF can do about that. Also >>> "bypassing technical protection" and using "hidden technical >>> features" is nothing you can protect against in general and I assume >>> is often not by design. >> >> I agree and I don’t want to question the importance of this I-D here. >> But it remains that wireless communications are so easy to monitor. >> >> >>>> *Various:* >>>> ** the authors use the term "host name" to refer to a higher layer >>>> name of a device. To me this term refers to the DNS notion of >>>> "hostname", i.e. something different, hence confusion. I'd recommend >>>> to use "device name" in order to avoid it. >>> >>> Well, RFC 7719 even admits the term is ill defined and does refer to >>> various things. Also, for the protocols we looked at and OS >>> configurations, sometimes there are different host namens being used >>> for different purposes. We would like to stick with host names (also >>> since RFC8117 useses the term which is highly relevant in this context). >> >> I was not aware of those RFCs. Do what you believe is the most >> appropriate. >> >> Cheers, >> >> Vincent >
- [secdir] Secdir review of draft-ietf-intarea-broa… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-intarea-… Rolf Winter
- Re: [secdir] Secdir review of draft-ietf-intarea-… Vincent Roca
- [secdir] Secdir review of draft-ietf-intarea-broa… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-intarea-… Rolf Winter
- Re: [secdir] Secdir review of draft-ietf-intarea-… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-intarea-… Rolf Winter
- Re: [secdir] Secdir review of draft-ietf-intarea-… Vincent Roca