Re: [secdir] sec-dir review of draft-ietf-sieve-autoreply-02

Barry Leiba <barryleiba@computer.org> Fri, 03 December 2010 15:38 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 11FAC28C120; Fri, 3 Dec 2010 07:38:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.535
X-Spam-Level:
X-Spam-Status: No, score=-102.535 tagged_above=-999 required=5 tests=[AWL=0.442, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S0CnoShzK48b; Fri, 3 Dec 2010 07:38:30 -0800 (PST)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 70D5B28C11D; Fri, 3 Dec 2010 07:38:29 -0800 (PST)
Received: by iwn40 with SMTP id 40so11844335iwn.31 for <multiple recipients>; Fri, 03 Dec 2010 07:39:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type; bh=BQlOOXQiupU2jtO680o6A8IYH82uWNv9TpW9OqgTSPI=; b=P7c7titBpXiUw1oNjZ9babwMevJQv8KcPqG9AzU1fjbVop2IUthuN+E351DPLLdnJt D1aPHe+Ljga2lQfAiENVEY4TtxqjDe3erdc8m+NAkSY87BOiXgJdKnVgggUhbs0CBudc qWeixm8AVqKAey5M1NZc05kO4YiMLu8L1C4No=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=Sgne9pswVmvsHLUU7fh1PCp437hlhfvXQRKRckmYLehWFKJxNKoNTQ6Ksa0Id+D58O PCu2qviOxoK8eX5G0O+HF/H+2QewSqkdprT/lsrBNOnLKgjpSJEeE6JgM5Vx4QgU30ti CP/5a3EsppcJAlWrV/JJqICsSlkyVJsQZ/GQA=
MIME-Version: 1.0
Received: by 10.231.13.196 with SMTP id d4mr1959126iba.134.1291390786911; Fri, 03 Dec 2010 07:39:46 -0800 (PST)
Sender: barryleiba@gmail.com
Received: by 10.231.208.12 with HTTP; Fri, 3 Dec 2010 07:39:46 -0800 (PST)
In-Reply-To: <sjmmxon7ytl.fsf@pgpdev.ihtfp.org>
References: <sjmhbex9pqe.fsf@pgpdev.ihtfp.org> <AANLkTi=Lyr47Nk9EZfpZYPnvXAgp-TCj-+RHar6oSPwM@mail.gmail.com> <sjmmxon7ytl.fsf@pgpdev.ihtfp.org>
Date: Fri, 3 Dec 2010 10:39:46 -0500
X-Google-Sender-Auth: JUmQu9EdjLE6ZHfc3v6d9MmxjPc
Message-ID: <AANLkTimiLyYsdvmtZrci681UvbNcM-+dvcA7R0KmmFWG@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Derek Atkins <derek@ihtfp.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: robinsgv@gmail.com, Alexey.Melnikov@isode.com, sieve-chairs@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] sec-dir review of draft-ietf-sieve-autoreply-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Dec 2010 15:38:31 -0000

Off list, Derek and I had a couple of exchanges, and Derek suggested
the following text, which I think is fine, and which I will add to my
working version of the document:

----------------------
 An autoresponder can cause leaks of other pieces of information,
 including potentially providing the ability to attack cryptographic
 keying material.  For example, using the time it takes to perform an
 cryptographic operation an attacker may obtain information about the
 secret key.  An autoresponder that doesn't take timing into account
 could accidentally leak this kind of information.

 Moreover, if an autoresponder script returns the results of a
 cryptographic operation that could also provide an attack vector.  For
 example, if a script returns the results of a decryption operation, an
 attacker can send an arbitrarily encrypted message and use the results
 as a chosen cyphertext attack to decode the encryption key.  Authors
 of scripts should be careful in what information they return to
 senders.
----------------------

Barry