Re: [secdir] secdir review of draft-ietf-syslog-sign-27

"Alexander Clemm (alex)" <alex@cisco.com> Fri, 09 October 2009 05:03 UTC

Return-Path: <alex@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1BFE928C14E; Thu, 8 Oct 2009 22:03:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.099
X-Spam-Level:
X-Spam-Status: No, score=-7.099 tagged_above=-999 required=5 tests=[AWL=-0.501, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Znr2RMCv3M1; Thu, 8 Oct 2009 22:03:31 -0700 (PDT)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id B74973A6828; Thu, 8 Oct 2009 22:03:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=alex@cisco.com; l=43889; q=dns/txt; s=sjiport02001; t=1255064715; x=1256274315; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20"Alexander=20Clemm=20(alex)"=20<alex@cisco.com> |Subject:=20RE:=20[secdir]=20secdir=20review=20of=20draft -ietf-syslog-sign-27|Date:=20Thu,=208=20Oct=202009=2022:0 5:12=20-0700|Message-ID:=20<85B2F271FDF6B949B3672BA5A7BB6 2FB089E8F06@xmb-sjc-236.amer.cisco.com>|To:=20"Tina=20TSO U"=20<tena@huawei.com>,=20"secdir"=20<secdir@ietf.org>, =20<iesg@ietf.org>|Cc:=20<syslog-chairs@tools.ietf.org>, =20<draft-ietf-syslog-sign@tools.ietf.org>,=0D=0A=20=20 =20=20=20=20=20=20"Chris=20Lonvick=20(clonvick)"=20<clonv ick@cisco.com>,=0D=0A=20=20=20=20=20=20=20=20<Pasi.Eronen @nokia.com>,=20<ietfdbh@comcast.net>,=0D=0A=20=20=20=20 =20=20=20=20"Alexander=20Clemm=20(alex)"=20<alex@cisco.co m>|MIME-Version:=201.0|In-Reply-To:=20<00a301ca367a$420da 160$8e27460a@china.huawei.com>|References:=20<4AAE56EF.50 80002@ieca.com>=20<006801ca3677$25943b00$8e27460a@china.h uawei.com>=20<00a301ca367a$420da160$8e27460a@china.huawei .com>; bh=EmNNX/vDnbUOJ55ADu5+me+cGpDIZqMsghQQMqZu5Rs=; b=CX/BjX1RepsQ7X+OMyePiP/zzBitFK66iCokB8UPjOervAo2gsRgF6qH reEAjn1oXrv8IA/ga6CcvkLxOgR1apO57HfXT10GT/8eUScrJ+JVCS+bq 7OYHYlHFpKgO5ibp6K1kQgVQyOJ16R7mo+h/pS7JdDJsP6Vx44V4PfvmS w=;
Authentication-Results: sj-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiAFAB9hzkqrR7Hu/2dsb2JhbACCJy2/XZg9gjAOgWwE
X-IronPort-AV: E=Sophos; i="4.44,530,1249257600"; d="scan'208,217"; a="212852784"
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-2.cisco.com with ESMTP; 09 Oct 2009 05:05:14 +0000
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id n9955EKj008547; Fri, 9 Oct 2009 05:05:14 GMT
Received: from xmb-sjc-236.amer.cisco.com ([128.107.191.121]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 8 Oct 2009 22:05:14 -0700
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CA489E.1575F3FE"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Thu, 8 Oct 2009 22:05:12 -0700
Message-ID: <85B2F271FDF6B949B3672BA5A7BB62FB089E8F06@xmb-sjc-236.amer.cisco.com>
In-Reply-To: <00a301ca367a$420da160$8e27460a@china.huawei.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [secdir] secdir review of draft-ietf-syslog-sign-27
Thread-Index: Aco2ek7wTFF8WPJFQGWjDynwgpqBowSIAsAQ
References: <4AAE56EF.5080002@ieca.com> <006801ca3677$25943b00$8e27460a@china.huawei.com> <00a301ca367a$420da160$8e27460a@china.huawei.com>
From: "Alexander Clemm (alex)" <alex@cisco.com>
To: "Tina TSOU" <tena@huawei.com>, "secdir" <secdir@ietf.org>, <iesg@ietf.org>
X-OriginalArrivalTime: 09 Oct 2009 05:05:14.0003 (UTC) FILETIME=[15BA1630:01CA489E]
X-Mailman-Approved-At: Sun, 11 Oct 2009 23:40:45 -0700
Cc: draft-ietf-syslog-sign@tools.ietf.org, Pasi.Eronen@nokia.com, syslog-chairs@tools.ietf.org, "Alexander Clemm \(alex\)" <alex@cisco.com>
Subject: Re: [secdir] secdir review of draft-ietf-syslog-sign-27
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2009 05:03:45 -0000

Hi,

 

Thank you for your review.  Please see responses, inline, delimited with
<ALEX>.  Please let me know if you feel that those responses adequately
resolve the issue, or clarify any problems that you feel have not been
adequately addressed.  

 

Thank you and kind regards

--- Alexander Clemm

 

From: Tina TSOU [mailto:tena@huawei.com] 
Sent: Tuesday, September 15, 2009 8:03 PM
To: secdir; iesg@ietf.org
Cc: syslog-chairs@tools.ietf.org; draft-ietf-syslog-sign@tools.ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-syslog-sign-27

 

Sending to draft-ietf-syslog-sign@tools.ietf.org

 

 

B. R.
Tina

http://tinatsou.weebly.com/contact.html

	----- Original Message ----- 

	From: Tina TSOU <mailto:tena@huawei.com>  

	To: iesg@ietf.org ; secdir <mailto:secdir@ietf.org>  

	Cc: draft-ietf-syslog-sign-27@tools.ietf.org ;
syslog-chairs@tools.ietf.org 

	Sent: Wednesday, September 16, 2009 10:41 AM

	Subject: [secdir] secdir review of draft-ietf-syslog-sign-27

	 

	I have reviewed this document as part of the security
directorate's 
	ongoing effort to review all IETF documents being processed by
the IESG. 
	  These comments were written primarily for the benefit of the
security 
	area directors.  Document editors and WG chairs should treat
these 
	comments just like any other last call comments.
	In general, from the security point of view, this draft does not
specify what 
	the loghost should do in case of packet loss, DoS attack, etc.
Should the 
	device try to retrieve the sys log information again? 
	 
	Section 1, third paragraph (talking about Certificate Block):
not to 
	over-complicate matters, but this is really talking about the
content of a 
	Payload Block. Rather than introduce that term, perhaps rephrase
the paragraph 
	slightly to make clear that multiple Certificate Blocks may be
used. What's the key management information here? Is it Certificate
information or public key information?

	 

	    Additionally, a signer sends Certificate Blocks to provide
key
	    management information between the signer and the collector.
A
	    Certificate Block has a field to denote the type of key
material
	    which may be such things as a PKIX certificate, an OpenPGP
	    certificate, or even an indication that a key had been pre-
	    distributed.  In the cases of certificates being sent, the
	    certificates may have to be split across multiple
Certificate
	    Blocks carried in separate messages.

	 

	<ALEX>  Change accepted  

	</ALEX>

	 

	Section 1, fifth paragraph, first sentence: not clear what
"previous" refers to. 
	The phrase "of the previous messages" doesn't seem to add
anything and can be 
	dropped. Suggest adding "syslog" after "received" and
"corresponding" before 
	"Signature Block", so the sentence reads:

	 

	    The collector may verify that the hash of
	    each received syslog message matches the signed hash
contained in the
	    corresponding Signature Block.

	 

	 <ALEX> Change accepted

	</ALEX>

	 

	
	Section 4.2.3: It is strongly suggested that the field currently
identified as 
	Signature Group (SG) be renamed to Signature Group
Interpretation (SGI) to avoid 
	confusion. The statement that SPRI identifies the actual
signature group also 
	comes a bit late (beginning of the fourth paragraph). It should
be moved up to 
	the first paragraph.

	 

	Note that changing SG to SGI affects the tables in section 4.2
and 5.3.2 and IANA considerations. Note also that the field is called
SIG instead of SG in section 5.3.2.3.

	 

	<ALEX>  There does not seem to be a need for that change -
section 4.2.3 contains an additional clarification which clearly points
out the difference between SG field and the Signature Group itself; this
should be sufficient.

	</ALEX>

	 

	
	In section 5.3.2, P23, what's the main difference between using
Signature block and using Certificate block? It seems Certificate Block
overlaps with Signature Block, e.g., Both block are digitally signed,
why is only certificate block termed "certificate block", why not term
certificate block as "signature block"?

	 

	<ALEX>  

	The question is confusing.  The difference between Signature
Block and Certificate Block should be clear (as also evidenced from the
proposed text in the first comment) and there should be no issue that
they might be confused.  Signature Blocks contain the signatures of
previously sent messages, whereas Certificate Blocks contain key
material - two very distinct purposes.  No changes are made.

	</ALEX>

	 

	In section 5.3.2.9, the point is made that the timestamp of the
Certificate 
	Block message is the same as that of the Payload Block. In fact,
they differ 
	very slightly in the example. Is that intended?

	 

	<ALEX> 

	Proposed wording change as follows:

	                       Note that the Certificate Block message
in this example has a time stamp

	                       that is very close to the time stamp in
the Payload Block.  

	                       The fact that the time stamps are so
close implies that this is the first 

	                       Certificate Block message

	                       sent in this reboot session; additional
Certificate Block messages can be 

	                       sent later with a later time stamp, which
will carry the same Payload Block 

	                       that will still contain the same time
stamp.  

	</ALEX>

	 

	In section 6, near the bottom of the first paragraph, a couple
of words are 
	missing. It is suggested that the sentence be changed to read:

	 

	
The
	    collector MUST ignore duplicates of Signature Blocks and
Certificate
	                          ^^^^^^^^^^^^^^
	    Blocks it has already received and authenticated.

	 

	<ALEX>

	Suggested change is accepted.

	</ALEX

	 

	Section 7 is informative. Perhaps it belongs in an appendix.
	 

	<ALEX>

	There does not seem to be compelling reason to change the
structure at this point, propose to keep as is.

	</ALEX

	
	In section 7.1, 
	 4.  Set the last message number processed to the value of the
	           First Message Number plus the Count of the Signature
Block
	           minus 1.
	Why is the Last message number not defined in this document?
	 

	<ALEX>

	The last message number is in fact introduced in item b.  As it
is stated there clearly, it is a cursor that is maintained by the
collector to keep track of the point to which it has received message
signatures.  Additional explanation does not appear to be necessary.  

	</ALEX>

	 

	
	In section 8.1,
	 This specification uses Public Key Cryptography technologies.
The
	   proper party or parties have to control the private key
portion of a
	   public-private key pair.  Any party that controls a private
key can
	   sign anything it pleases.
	 
	As regarding the last sentence, Is it appropriate to use
"pleases" here? How about using *favors* or *prefers* instead of
*pleases*?
	 

	<ALEX>

	"Pleases" appears to be the appropriate term in this context -
it expresses that it can in effect do whatever it wants - "favors" or
"prefers" would imply there are a choices to select between, which does
not sound quite right in this context.  No change is made.  

	</ALEX>

	 

	
	In section 8.2,
	As a signer, it is advisable to avoid message lengths exceeding
2048
	   octets.  Various problems might result if a signer were to
send
	   messages with a length greater than 2048 octets, because
relays MAY
	   truncate messages with lengths greater than 2048 octets which
would
	   make it impossible for collectors to validate a hash of the
packet.
	   To increase the chance of interoperability, it tends to be
best to be
	   conservative with what you send but liberal in what you are
able to
	   receive.
	 
	   From the above paragraph, we can see it is necessary to
restrict
	   the length of message, So I would like to suggest changing
the last
	   sentence as:
	   "
	   To increase the chance of interoperability, it tends to be
best to 
	   limit the length of what you send but loose what you are able
to
	   receive.
	   "
	   to make it more precise. Is it reasonable to do this?
	
	

	<ALEX>

	The "conservative" and "liberal" saying dates back to Jon Postel
and RFC 760.  We think this should stay as is.  

	</ALEX>

	 
	 
	In section 8.3,
	Syslog does not strongly associate the message with the message
	   originator.  That association is established by the collector
upon
	   verification of the Signature Block. 
	   
	What's the difference between associating the message with the
message originator
	and signature? If they are the same thing, I think the
association should be pre-established
	in collector? Is it a correct understanding?
	
	

	<ALEX>

	 It is up to facility and application-ID to indicate who or what
actually triggered the original message; for the purposes of this here,
"originator" refers to the sender of the message, not the source of the
event that triggers the sending of the message.  The wording should
stand.  

	</ALEX> 

	 

	
	 
	In section 8.4,
	Event messages might be recorded and replayed by an attacker.
Using
	   the information contained in the Signature Blocks, a reviewer
can
	   determine whether the received messages are the ones
originally sent
	   by an originator.  The reviewer can also identify messages
that have
	   been replayed.

	 

	I am wondering what the information is in the signature block
can be used to
	prevent replaying? Count or sequence number, time stamp, if
there is such thing, it is better to
	point it out which field of signature block is used for
anti-replaying.
	 
	<ALEX> 

	Section 7 implicitly explains how messages can be identified
that have been replayed.  In that case, in step 3.b (section 7.1), the
authenticated log file would already contain the message.  Step 3.b does
not explicitly state to flag the fact that a replayed message was
received, but adding such a capability if desired would be near-trivial
(and IMHO hence does not need to be explained) and in any event the
authenticated log file would clearly contain only one instance of the
authenticated message.  

	To make it even clearer, the following wording is added to
section 8.4:

	 

	                       Using the methods for verification of
logs 

	                       outlined in Section 7, a replayed message
can be detected by checking

	                       prior to writing a message to the
authenticated log file whether the message is 

	                       already contained in it.

	</ALEX>

	 
	 
	 

	 

	B. R.
	Tina
	http://tinatsou.weebly.com/contact.html

	 

	 

	 

	 

________________________________

	_______________________________________________
	secdir mailing list
	secdir@ietf.org
	https://www.ietf.org/mailman/listinfo/secdir