Re: [secdir] secdir review of draft-ietf-syslog-sign-27
"Alexander Clemm (alex)" <alex@cisco.com> Fri, 09 October 2009 05:03 UTC
Return-Path: <alex@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1BFE928C14E; Thu, 8 Oct 2009 22:03:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.099
X-Spam-Level:
X-Spam-Status: No, score=-7.099 tagged_above=-999 required=5 tests=[AWL=-0.501, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Znr2RMCv3M1; Thu, 8 Oct 2009 22:03:31 -0700 (PDT)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id B74973A6828; Thu, 8 Oct 2009 22:03:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=alex@cisco.com; l=43889; q=dns/txt; s=sjiport02001; t=1255064715; x=1256274315; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20"Alexander=20Clemm=20(alex)"=20<alex@cisco.com> |Subject:=20RE:=20[secdir]=20secdir=20review=20of=20draft -ietf-syslog-sign-27|Date:=20Thu,=208=20Oct=202009=2022:0 5:12=20-0700|Message-ID:=20<85B2F271FDF6B949B3672BA5A7BB6 2FB089E8F06@xmb-sjc-236.amer.cisco.com>|To:=20"Tina=20TSO U"=20<tena@huawei.com>,=20"secdir"=20<secdir@ietf.org>, =20<iesg@ietf.org>|Cc:=20<syslog-chairs@tools.ietf.org>, =20<draft-ietf-syslog-sign@tools.ietf.org>,=0D=0A=20=20 =20=20=20=20=20=20"Chris=20Lonvick=20(clonvick)"=20<clonv ick@cisco.com>,=0D=0A=20=20=20=20=20=20=20=20<Pasi.Eronen @nokia.com>,=20<ietfdbh@comcast.net>,=0D=0A=20=20=20=20 =20=20=20=20"Alexander=20Clemm=20(alex)"=20<alex@cisco.co m>|MIME-Version:=201.0|In-Reply-To:=20<00a301ca367a$420da 160$8e27460a@china.huawei.com>|References:=20<4AAE56EF.50 80002@ieca.com>=20<006801ca3677$25943b00$8e27460a@china.h uawei.com>=20<00a301ca367a$420da160$8e27460a@china.huawei .com>; bh=EmNNX/vDnbUOJ55ADu5+me+cGpDIZqMsghQQMqZu5Rs=; b=CX/BjX1RepsQ7X+OMyePiP/zzBitFK66iCokB8UPjOervAo2gsRgF6qH reEAjn1oXrv8IA/ga6CcvkLxOgR1apO57HfXT10GT/8eUScrJ+JVCS+bq 7OYHYlHFpKgO5ibp6K1kQgVQyOJ16R7mo+h/pS7JdDJsP6Vx44V4PfvmS w=;
Authentication-Results: sj-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiAFAB9hzkqrR7Hu/2dsb2JhbACCJy2/XZg9gjAOgWwE
X-IronPort-AV: E=Sophos; i="4.44,530,1249257600"; d="scan'208,217"; a="212852784"
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-2.cisco.com with ESMTP; 09 Oct 2009 05:05:14 +0000
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id n9955EKj008547; Fri, 9 Oct 2009 05:05:14 GMT
Received: from xmb-sjc-236.amer.cisco.com ([128.107.191.121]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 8 Oct 2009 22:05:14 -0700
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CA489E.1575F3FE"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Thu, 08 Oct 2009 22:05:12 -0700
Message-ID: <85B2F271FDF6B949B3672BA5A7BB62FB089E8F06@xmb-sjc-236.amer.cisco.com>
In-Reply-To: <00a301ca367a$420da160$8e27460a@china.huawei.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [secdir] secdir review of draft-ietf-syslog-sign-27
Thread-Index: Aco2ek7wTFF8WPJFQGWjDynwgpqBowSIAsAQ
References: <4AAE56EF.5080002@ieca.com> <006801ca3677$25943b00$8e27460a@china.huawei.com> <00a301ca367a$420da160$8e27460a@china.huawei.com>
From: "Alexander Clemm (alex)" <alex@cisco.com>
To: Tina TSOU <tena@huawei.com>, secdir <secdir@ietf.org>, iesg@ietf.org
X-OriginalArrivalTime: 09 Oct 2009 05:05:14.0003 (UTC) FILETIME=[15BA1630:01CA489E]
X-Mailman-Approved-At: Sun, 11 Oct 2009 23:40:45 -0700
Cc: draft-ietf-syslog-sign@tools.ietf.org, Pasi.Eronen@nokia.com, syslog-chairs@tools.ietf.org, "Alexander Clemm (alex)" <alex@cisco.com>
Subject: Re: [secdir] secdir review of draft-ietf-syslog-sign-27
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2009 05:03:45 -0000
Hi, Thank you for your review. Please see responses, inline, delimited with <ALEX>. Please let me know if you feel that those responses adequately resolve the issue, or clarify any problems that you feel have not been adequately addressed. Thank you and kind regards --- Alexander Clemm From: Tina TSOU [mailto:tena@huawei.com] Sent: Tuesday, September 15, 2009 8:03 PM To: secdir; iesg@ietf.org Cc: syslog-chairs@tools.ietf.org; draft-ietf-syslog-sign@tools.ietf.org Subject: Re: [secdir] secdir review of draft-ietf-syslog-sign-27 Sending to draft-ietf-syslog-sign@tools.ietf.org B. R. Tina http://tinatsou.weebly.com/contact.html ----- Original Message ----- From: Tina TSOU <mailto:tena@huawei.com> To: iesg@ietf.org ; secdir <mailto:secdir@ietf.org> Cc: draft-ietf-syslog-sign-27@tools.ietf.org ; syslog-chairs@tools.ietf.org Sent: Wednesday, September 16, 2009 10:41 AM Subject: [secdir] secdir review of draft-ietf-syslog-sign-27 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. In general, from the security point of view, this draft does not specify what the loghost should do in case of packet loss, DoS attack, etc. Should the device try to retrieve the sys log information again? Section 1, third paragraph (talking about Certificate Block): not to over-complicate matters, but this is really talking about the content of a Payload Block. Rather than introduce that term, perhaps rephrase the paragraph slightly to make clear that multiple Certificate Blocks may be used. What's the key management information here? Is it Certificate information or public key information? Additionally, a signer sends Certificate Blocks to provide key management information between the signer and the collector. A Certificate Block has a field to denote the type of key material which may be such things as a PKIX certificate, an OpenPGP certificate, or even an indication that a key had been pre- distributed. In the cases of certificates being sent, the certificates may have to be split across multiple Certificate Blocks carried in separate messages. <ALEX> Change accepted </ALEX> Section 1, fifth paragraph, first sentence: not clear what "previous" refers to. The phrase "of the previous messages" doesn't seem to add anything and can be dropped. Suggest adding "syslog" after "received" and "corresponding" before "Signature Block", so the sentence reads: The collector may verify that the hash of each received syslog message matches the signed hash contained in the corresponding Signature Block. <ALEX> Change accepted </ALEX> Section 4.2.3: It is strongly suggested that the field currently identified as Signature Group (SG) be renamed to Signature Group Interpretation (SGI) to avoid confusion. The statement that SPRI identifies the actual signature group also comes a bit late (beginning of the fourth paragraph). It should be moved up to the first paragraph. Note that changing SG to SGI affects the tables in section 4.2 and 5.3.2 and IANA considerations. Note also that the field is called SIG instead of SG in section 5.3.2.3. <ALEX> There does not seem to be a need for that change - section 4.2.3 contains an additional clarification which clearly points out the difference between SG field and the Signature Group itself; this should be sufficient. </ALEX> In section 5.3.2, P23, what's the main difference between using Signature block and using Certificate block? It seems Certificate Block overlaps with Signature Block, e.g., Both block are digitally signed, why is only certificate block termed "certificate block", why not term certificate block as "signature block"? <ALEX> The question is confusing. The difference between Signature Block and Certificate Block should be clear (as also evidenced from the proposed text in the first comment) and there should be no issue that they might be confused. Signature Blocks contain the signatures of previously sent messages, whereas Certificate Blocks contain key material - two very distinct purposes. No changes are made. </ALEX> In section 5.3.2.9, the point is made that the timestamp of the Certificate Block message is the same as that of the Payload Block. In fact, they differ very slightly in the example. Is that intended? <ALEX> Proposed wording change as follows: Note that the Certificate Block message in this example has a time stamp that is very close to the time stamp in the Payload Block. The fact that the time stamps are so close implies that this is the first Certificate Block message sent in this reboot session; additional Certificate Block messages can be sent later with a later time stamp, which will carry the same Payload Block that will still contain the same time stamp. </ALEX> In section 6, near the bottom of the first paragraph, a couple of words are missing. It is suggested that the sentence be changed to read: The collector MUST ignore duplicates of Signature Blocks and Certificate ^^^^^^^^^^^^^^ Blocks it has already received and authenticated. <ALEX> Suggested change is accepted. </ALEX Section 7 is informative. Perhaps it belongs in an appendix. <ALEX> There does not seem to be compelling reason to change the structure at this point, propose to keep as is. </ALEX In section 7.1, 4. Set the last message number processed to the value of the First Message Number plus the Count of the Signature Block minus 1. Why is the Last message number not defined in this document? <ALEX> The last message number is in fact introduced in item b. As it is stated there clearly, it is a cursor that is maintained by the collector to keep track of the point to which it has received message signatures. Additional explanation does not appear to be necessary. </ALEX> In section 8.1, This specification uses Public Key Cryptography technologies. The proper party or parties have to control the private key portion of a public-private key pair. Any party that controls a private key can sign anything it pleases. As regarding the last sentence, Is it appropriate to use "pleases" here? How about using *favors* or *prefers* instead of *pleases*? <ALEX> "Pleases" appears to be the appropriate term in this context - it expresses that it can in effect do whatever it wants - "favors" or "prefers" would imply there are a choices to select between, which does not sound quite right in this context. No change is made. </ALEX> In section 8.2, As a signer, it is advisable to avoid message lengths exceeding 2048 octets. Various problems might result if a signer were to send messages with a length greater than 2048 octets, because relays MAY truncate messages with lengths greater than 2048 octets which would make it impossible for collectors to validate a hash of the packet. To increase the chance of interoperability, it tends to be best to be conservative with what you send but liberal in what you are able to receive. From the above paragraph, we can see it is necessary to restrict the length of message, So I would like to suggest changing the last sentence as: " To increase the chance of interoperability, it tends to be best to limit the length of what you send but loose what you are able to receive. " to make it more precise. Is it reasonable to do this? <ALEX> The "conservative" and "liberal" saying dates back to Jon Postel and RFC 760. We think this should stay as is. </ALEX> In section 8.3, Syslog does not strongly associate the message with the message originator. That association is established by the collector upon verification of the Signature Block. What's the difference between associating the message with the message originator and signature? If they are the same thing, I think the association should be pre-established in collector? Is it a correct understanding? <ALEX> It is up to facility and application-ID to indicate who or what actually triggered the original message; for the purposes of this here, "originator" refers to the sender of the message, not the source of the event that triggers the sending of the message. The wording should stand. </ALEX> In section 8.4, Event messages might be recorded and replayed by an attacker. Using the information contained in the Signature Blocks, a reviewer can determine whether the received messages are the ones originally sent by an originator. The reviewer can also identify messages that have been replayed. I am wondering what the information is in the signature block can be used to prevent replaying? Count or sequence number, time stamp, if there is such thing, it is better to point it out which field of signature block is used for anti-replaying. <ALEX> Section 7 implicitly explains how messages can be identified that have been replayed. In that case, in step 3.b (section 7.1), the authenticated log file would already contain the message. Step 3.b does not explicitly state to flag the fact that a replayed message was received, but adding such a capability if desired would be near-trivial (and IMHO hence does not need to be explained) and in any event the authenticated log file would clearly contain only one instance of the authenticated message. To make it even clearer, the following wording is added to section 8.4: Using the methods for verification of logs outlined in Section 7, a replayed message can be detected by checking prior to writing a message to the authenticated log file whether the message is already contained in it. </ALEX> B. R. Tina http://tinatsou.weebly.com/contact.html ________________________________ _______________________________________________ secdir mailing list secdir@ietf.org https://www.ietf.org/mailman/listinfo/secdir
- [secdir] secdir review of draft-ietf-ipsecme-ikev… Sean Turner
- Re: [secdir] secdir review of draft-ietf-ipsecme-… Yaron Sheffer
- [secdir] secdir review of draft-ietf-syslog-sign-… Tina TSOU
- Re: [secdir] secdir review of draft-ietf-syslog-s… Tina TSOU
- Re: [secdir] secdir review of draft-ietf-syslog-s… Alexander Clemm (alex)