Re: [secdir] [Taps] Secdir last call review of draft-ietf-taps-minset-06
"Aaron Falk" <aaron.falk@gmail.com> Mon, 27 August 2018 20:01 UTC
Return-Path: <aaron.falk@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A981130EFC; Mon, 27 Aug 2018 13:01:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SSwry7muSjZh; Mon, 27 Aug 2018 13:01:52 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81595130F04; Mon, 27 Aug 2018 13:01:52 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id g197-v6so161708qke.5; Mon, 27 Aug 2018 13:01:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version; bh=sPfHCmg76VAZrqG+BWy0l94A7ko2eleyw+FXE89kV5M=; b=cgIuJIwBGGAs8JO8CKVIC1u7UgpLnVBRFBg4fpupBmNuvbRPsWW0dp4JPMXWJcgbMC OdP9TrKuTQtP91hH4f7n96tb1MYFfChU7ou22AW/1QLNUMVqihv0FY7P1kNR8WtpMN3O GO8L61Zc5Q9JThB3gPGsYCBRePNDsZDV1yj3WQTbSUVwfLyZNJw9abQft6EyJMFdKATR 5XQdg0i0/8PRylJYZedN/tWpx8ULsjsIkGB8y+NiRkUQKv8S4mWXdGU1su/lO4FZgWlE XpN+zrEX/Ed20oUkgZdns+0S3Am8fHKsz2VZ3WqyJ7aINmNax5LSkj8DZzHcblFjaiQt 6n1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version; bh=sPfHCmg76VAZrqG+BWy0l94A7ko2eleyw+FXE89kV5M=; b=kxjs86mSZIoKDm1EE9G4GrDX1wFJZX7ch58LZlj9rM6r9ENx/3+rKDWyR5qleJW8eB 2Du3GVYoS9PCQgALGY8Q1Bd2hAeSKzdpm9C0kAg1fewGNO9GCP0siX1NDPbzFrG8eN4X D8tebZT/PzD2OVq7FIRUJsh7/j7vXcPvtB5JrUpYS0TEzk92KIOG7SkSBr50Jgrlil6p opsIzgbTrbrRjiYa+Okd3DVh1UPzcULaS0nz1sfA/ogil8I7aHuxC7rC5smKNupxmHaj /pApT/PLZXAz5RHPRafM9r7D1v8wc1jzqCtGINqXfjsgv9i8pWkr8fe4WAajj35hnz+E fdmw==
X-Gm-Message-State: APzg51DVAWqesSmajvk8Q/L9P7JfWE42wqXPj+X3URRtsD3kRKSMhNdE xPLEJ3z2UhLyfhB+FValzuc=
X-Google-Smtp-Source: ANB0VdZtvWah34ynP4N+MQQjrhPP9XAp4kEmUJAVJpwaokWQiskfNnVsqrQKLXCeEupzrnfZe5iX2Q==
X-Received: by 2002:a37:8542:: with SMTP id h63-v6mr14836364qkd.307.1535400111330; Mon, 27 Aug 2018 13:01:51 -0700 (PDT)
Received: from [172.19.37.217] ([2601:184:4980:a321:8d9d:417f:9ca0:8d3c]) by smtp.gmail.com with ESMTPSA id a26-v6sm99003qtc.74.2018.08.27.13.01.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Aug 2018 13:01:50 -0700 (PDT)
From: Aaron Falk <aaron.falk@gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Tommy Pauly <tpauly@apple.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, taps@ietf.org, draft-ietf-taps-minset.all@ietf.org, ietf@ietf.org, secdir@ietf.org
Date: Mon, 27 Aug 2018 16:01:47 -0400
X-Mailer: MailMate (1.11.3r5509)
Message-ID: <B9EA432F-FC9C-40DF-8E2F-6B79E15ED535@gmail.com>
In-Reply-To: <20180827200019.GW59914@kduck.kaduk.org>
References: <153534622572.11764.16971261463087249495@ietfa.amsl.com> <11A6EDDC-06EE-47E5-B61B-ED6F7B5999A6@apple.com> <20180827200019.GW59914@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_7EFFFC0B-70AE-430C-9D96-D832BCC85B63_="
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/xDrXqFpCPdu-BiLwTUhyD4lwQCY>
Subject: Re: [secdir] [Taps] Secdir last call review of draft-ietf-taps-minset-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Aug 2018 20:02:00 -0000
My $0.02: I don't think it is too early for a SecDir review. --aaron (TAPS wg chair) On 27 Aug 2018, at 16:00, Benjamin Kaduk wrote: > On Mon, Aug 27, 2018 at 08:53:16AM -0700, Tommy Pauly wrote: >> Hi Yaron, >> >> This minimal set is a description of the surface that any generic API >> must have to cover the common *transport* features of protocols only. >> This document is not meant in itself to describe an API that >> applications use directly, but instead describe the distilled feature >> set from transport services (such as reliable/unreliable sending, >> etc). To that end, it essentially describes what you need to be able >> to use basic things like TCP, UDP, etc. Even without security >> considered, this distillation is a non-trivial task, thus it required >> this document. >> >> The security document that is referenced >> (draft-ietf-taps-transport-security) provides a similar survey and >> distillation for how transport security interfaces add more surface >> to control and interact with handshake and record layers used on top >> of/in conjunction with the base transport. > > FWIW, I think that draft-ietf-taps-transport-security would benefit > from > some more attention from the security (is it ready enough to ask for > an > early secdir review?). I looked at bits of the -01, and though the > -02 is > improved in some ways, I think there are still some incorrect > statements > present about some of the protocols in question, etc.. Anyone from > secdir > interested? > > -Ben > >> The set of documents that actually describe the API surface that we >> want applications to use (draft-ietf-taps-arch, draft-ietf-taps-api, >> draft-ietf-taps-interface, draft-ietf-taps-impl) does indeed provide >> a unified abstraction for a secure transport connection. However, >> this surface depends upon both the distillation from >> draft-ietf-taps-minset and draft-ietf-taps-transport-security. There >> is no intention of promoting insecure connections for applications. >> >> Thanks, >> Tommy >> >>> On Aug 26, 2018, at 10:03 PM, Yaron Sheffer <yaronf.ietf@gmail.com> >>> wrote: >>> >>> Reviewer: Yaron Sheffer >>> Review result: Not Ready >>> >>> The whole notion of TAPS is new to me, so I may be missing the point >>> here. This >>> document defines a minimal set of network APIs that should be >>> available to >>> applications, in order to allow multiple different transport >>> protocols to be >>> used as interchangeable plug-ins with minimal or no change to >>> applications. >>> >>> However the document does not cover security, and instead refers >>> readers to a >>> security protocol survey (draft-ietf-taps-transport-security). >>> >>> There's a disconnect here: in many cases we want applications to be >>> aware of >>> security features. For example, a typical TCP-using application >>> should choose >>> whether to enable TLS encryption of the connection (or as a >>> receiver, whether >>> to require encryption), and if TLS is selected, should at the very >>> least >>> receive access to the authenticated address of the connection's >>> peer. In other >>> words, a meaningful minimal set of APIs cannot be defined without >>> considering >>> the effects and requirements of security protocols. >>> >>> Put differently, the application normally treats the transport >>> protocol and the >>> security protocol layered on it as one protocol. Hence the old name >>> of TLS: >>> Secure Socket Layer. The application sees a single socket, not one >>> socket for >>> transport and another for security. This has been the case for TCP >>> for the last >>> 20-odd years, and is unlikely to change any time soon. >>> >>> I have not surveyed the protocols discussed in this draft, and I >>> don't know >>> whether a viable transport-level security protocol exists for each >>> of them. If >>> this is not the case, then I guess the industry is not yet ready for >>> the kind >>> of solution proposed here. >>> >>> _______________________________________________ >>> Taps mailing list >>> Taps@ietf.org >>> https://www.ietf.org/mailman/listinfo/taps >>
- [secdir] Secdir last call review of draft-ietf-ta… Yaron Sheffer
- Re: [secdir] [Taps] Secdir last call review of dr… Tommy Pauly
- Re: [secdir] [Taps] Secdir last call review of dr… Benjamin Kaduk
- Re: [secdir] [Taps] Secdir last call review of dr… Aaron Falk
- Re: [secdir] [Taps] Secdir last call review of dr… Yaron Sheffer