Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Rob Austein <sra@isc.org> Tue, 19 July 2011 13:59 UTC

Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B2C821F8797 for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 06:59:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.393
X-Spam-Level:
X-Spam-Status: No, score=-100.393 tagged_above=-999 required=5 tests=[AWL=-0.441, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RrCyuQQV3AUe for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 06:59:58 -0700 (PDT)
Received: from adrilankha.hactrn.net (adrilankha.hactrn.net [IPv6:2001:418:1::19]) by ietfa.amsl.com (Postfix) with ESMTP id 6344221F873A for <sidr@ietf.org>; Tue, 19 Jul 2011 06:59:58 -0700 (PDT)
Received: from minas-ithil.hactrn.net (c-66-30-16-106.hsd1.ma.comcast.net [66.30.16.106]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (not verified)) by adrilankha.hactrn.net (Postfix) with ESMTPS id 6C63BB878; Tue, 19 Jul 2011 13:59:57 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [127.0.0.1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id C8EC033C66F; Tue, 19 Jul 2011 09:59:56 -0400 (EDT)
Date: Tue, 19 Jul 2011 09:59:56 -0400
From: Rob Austein <sra@isc.org>
To: Terry Manderson <terry.manderson@icann.org>
In-Reply-To: <CA4BBB06.17F28%terry.manderson@icann.org>
References: <m239i2pllp.wl%randy@psg.com> <CA4BBB06.17F28%terry.manderson@icann.org>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20110719135956.C8EC033C66F@minas-ithil.hactrn.net>
Cc: draft-ietf-sidr-repos-struct@tools.ietf.org, sidr@ietf.org
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2011 13:59:59 -0000

At Tue, 19 Jul 2011 05:51:50 -0700, Terry Manderson wrote:
> 
> The win is to eliminate a threat that has already been identified on the
> list.

What threat?  Please describe it.

The only "threat" I saw discussed is, in my opinion, a non-issue: an
attacker can mangle filenames in the unprotected data stream, thus
causing objects to fail validation.  An attacker who can do that can
also mangle the objects themselves in the unprotected data stream,
which will also cause the objects to fail validation, so being able to
change the filenames doesn't give the attacker anything new.

> The suggestion of adding the mapping/type into the Manifest (while
> awkward in ietf processing) gives both the mapping result, and
> removes the CA/Repository threat identified.

The file types are already in the manifest, because the file types are
encoded in the filenames, which are in the manifest.