Re: [secdir] Secdir review of draft-ietf-ecrit-additional-data

stephen.farrell@cs.tcd.ie Wed, 16 September 2015 07:38 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 218671B3845 for <secdir@ietfa.amsl.com>; Wed, 16 Sep 2015 00:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YuwV87AbOUYj for <secdir@ietfa.amsl.com>; Wed, 16 Sep 2015 00:38:09 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1859D1B36F3 for <secdir@ietf.org>; Wed, 16 Sep 2015 00:38:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1D938BE87; Wed, 16 Sep 2015 08:38:07 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xKoUC8D3Vd6p; Wed, 16 Sep 2015 08:38:05 +0100 (IST)
Received: from [127.0.0.1] (unknown [86.46.27.30]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 0AB57BE2F; Wed, 16 Sep 2015 08:38:05 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1442389085; bh=N0zrb2vwbaIxy9LSK8koJFRc5CNbdGbC4HAKPj/ogLE=; h=To:Cc:From:Subject:In-Reply-To:References:Date:From; b=SA9nCw9bUIp0MfitPLjQnaPqBwyppstAslOjOCo6vSEwNMiti8uOKTC5mE8YLZ8hM nZDOUjJkaq+zqj2TzY1XT1gYFd9yI1Oynebw7IHwWAKnFPr6Vadco7jCPLYfvo0wxR BqN+QxmknDRoDWZfCMlzwSvle/0KKXNZlZ7bD2e8=
X-Priority: 3
To: magnusn@gmail.com
From: stephen.farrell@cs.tcd.ie
In-Reply-To: <CADajj4ZGx-8vFrZXd_CQcuG3GJWYDJoFTBQ+do-duicgadkEYw@mail.gmail.com>
References: <CADajj4bzDNqCzaJSjviVZm1nk8CrbUopzj0PrNNOUcK9SNG1ZA@mail.gmail.com> <p06240610d21e68de6c17@99.111.97.136> <CADajj4a+uJi3h1qjQ9xgGup_2teQc9hgfRyWDwwKvQS5aUJDOg@mail.gmail.com> <p06240612d21e7dc050f6@99.111.97.136> <CADajj4ZGx-8vFrZXd_CQcuG3GJWYDJoFTBQ+do-duicgadkEYw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Date: Wed, 16 Sep 2015 07:38:03 +0000
Message-ID: <2do7j0.nurejh.2vaeqo-qmf@mercury.scss.tcd.ie>
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/ltAojabfYBD0VS2vqIkb_lbXCPo>
Cc: randy@qti.qualcomm.com, draft-ietf-ecrit-additional-data@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-ecrit-additional-data
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Sep 2015 07:38:12 -0000


On Wed Sep 16 04:09:03 2015 GMT+0100, Magnus Nyström wrote:
> Yes, at least mandating TLS 1.2 or higher and recommending as per above
> seems reasonable.
> The references for the GCM suites would be RFC 5288 and RFC 5289.

BCP195 has recent recommendations for most TLS options. I'd say it'd be best to use those or if not figure out why they're not correct for this context.

S.
 

> 
> Thanks!
> 
> On Tue, Sep 15, 2015 at 7:06 PM, Randall Gellens <randy@qti.qualcomm.com>
> wrote:
> 
> > Hi Magnus,
> >
> > I think we can mandate TLS 1.2 or later without any problem, and I can add
> > that to the text that mandates HTTPS.  I don't think I can add MTI cypher
> > suites at this stage, but I think it would be OK to add text such as "it is
> > RECOMMENDED to use only suites that offer Perfect Forward Secrecy (PFS) and
> > avoid Cipher Block Chaining (CBC)", with your list of suites as an example.
> > What do you think?  If we go this way, I'd probably need to also add an
> > informational reference or two; what do you suggest?
> >
> > At 6:39 PM -0700 9/15/15, Magnus Nyström wrote:
> >
> >  Hi Randall,
> >>  Yes, I guess it may be surprising ... but I was thinking more about
> >> getting this effort implemented in an expedited fashion rather than
> >> potentially delaying due to the potential issues (also pointed out in the
> >> draft) around getting the necessary trust anchors in place between PSAPs
> >> and service providers enabling the mutual authentication.
> >>
> >>  It may be good to say something about MTI suites - I would suggest
> >> mandating support for a set of suites that offers PFS and avoids CBC, e.g.,
> >> something like:
> >>
> >>  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> >>
> >>  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> >>
> >>  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> >>
> >>  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> >>
> >>  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> >>
> >>  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
> >>
> >>
> >>  I would also suggest mandating TLS 1.2 (or later) for a new application
> >> like this.
> >>  On the last point, yes, if the service provider is in a possession to
> >> vouch for or sanity-check then that could help introduce reliability.
> >>
> >>  Best,
> >>
> >>
> >>  On Tue, Sep 15, 2015 at 5:58 PM, Randall Gellens <<mailto:
> >> randy@qti.qualcomm.com>randy@qti.qualcomm.com> wrote:
> >>
> >>  Hi Magnus,
> >>
> >>  Thank you for your review and comments.  Please see in-line.
> >>
> >>  At 9:26 PM -0700 8/31/15, Magnus Nyström wrote:
> >>
> >>   I have reviewed this document as part of the security directorate's
> >> ongoing effort to review all IETF documents being processed by the IESG.
> >> These comments were written primarily for the benefit of the security area
> >> directors. Document editors and WG chairs should treat these comments just
> >> like any other last call comments.
> >>
> >>   This memo provides fundamental data structure definitions and
> >> procedural rules for providing auxiliary information to public service
> >> answering points (PSAPs) when emergency calls are being made.
> >>
> >>
> >>   This reads as an important memo and has been at least five years in the
> >> making. I don't find the Security (and Privacy) Considerations section
> >> lacking per se, but do have these questions:
> >>
> >>   - Why require HTTPS for the reference case but not the value case (I
> >> can understand why you don't require it for the value case, but couldn't it
> >> be a choice for the PSAP also in the reference case? This would also seem
> >> to simplify during an introductory phase when a wide-spread PKI solution is
> >> not yet in place.)?
> >>
> >>
> >>  I'm very surprised that a security area person is asking why we don't
> >> make TLS optional!  It's a valid question, of course, just surprising in
> >> this context.  Because of the limited scope of the document, specifically
> >> emergency services, and given that the dereferencing entities will be PSAPs
> >> and other responders that have upgraded to support next-generation, we felt
> >> that it was reasonable to require the use of TLS and client-side
> >> certificates for dereferencing.
> >>
> >>   - When HTTPS is required, I assume the PSAP needs a client certificate
> >> - i.e., that the mutual auth option of TLS is being used, perhaps this
> >> needs to be clarified?
> >>
> >>
> >>  Yes, good point.  I added clarifying text in response to Ben's comments.
> >>
> >>   - Was there any discussion around any MTI TLS cipher suites?
> >>
> >>
> >>  No, this was never discussed as far as I can recall.
> >>
> >>   - I assume there's not only a privacy issue but also a potential
> >> spoofing issue - the PSAPs don't want to be overly susceptible to spoofed
> >> calls (although they rather err on the side of safety, of course. Thus,
> >> should integrity of infomation in the direct case be considered? I.e., by
> >> n/w or service providers in the path to the PSAP vouching for the
> >> information?
> >>
> >>
> >>  You're absolutely correct that PSAPs are concerned about spoofed (and
> >> other false) calls but will generally err by taking a call and asking the
> >> caller for information.  In general, PSAPs prefer information that comes
> >> from known and trusted providers (the major carriers). Are you suggesting a
> >> mechanism by which providers verify the information provided by the device?
> >> For location information, there are discussions in other SDOs about
> >> sanity-checking device-provided information (location or Wi-Fi APs) against
> >> network-known information (macro cell to which the device is associated).
> >>
> >>  --
> >>  Randall Gellens
> >>  Opinions are personal;    facts are suspect;    I speak for myself only
> >>  -------------- Randomly selected tag: ---------------
> >>  In a sense, when we started Virgin Atlantic, I was trying to create
> >>  an airline for myself. If you try to build the perfect airline for
> >>  yourself, it will be appreciated by others. --Richard Branson, 1996.
> >>
> >>
> >>
> >>
> >>  --
> >>
> >>  -- Magnus
> >>
> >
> >
> >
> > --
> > Randall Gellens
> > Opinions are personal;    facts are suspect;    I speak for myself only
> > -------------- Randomly selected tag: ---------------
> > All we're seeing is the negative side of nuclear war.
> >    --Barry Goldwater
> >
> 
> 
> 
> -- 
> -- Magnus
>