Re: [lamps] Call for adoption of draft-housley-lamps-3g-nftypes

Russ Housley <housley@vigilsec.com> Mon, 08 August 2022 15:31 UTC

From: Russ Housley <housley@vigilsec.com>
Message-Id: <2404FB76-F49E-4DBE-A8F9-7655EE210440@vigilsec.com>
Date: Mon, 08 Aug 2022 11:31:32 -0400
In-Reply-To: <CAFpG3geF2jxoMZfeXO9hLM+9z6Ovsn59eBhYYmEez7A=AfF4eA@mail.gmail.com>
Cc: LAMPS <spasm@ietf.org>
To: tirumal reddy <kondtir@gmail.com>
References: <DM8PR14MB52376D8E7F6F414563238A18839F9@DM8PR14MB5237.namprd14.prod.outlook.com> <CAFpG3gciz2h+wTCnWy0Uazn+CLSKhWaCRnk6tNtptZriVtvseA@mail.gmail.com> <E1C193C7-F876-4F18-8AD8-8548F4BFA983@vigilsec.com> <CAFpG3geF2jxoMZfeXO9hLM+9z6Ovsn59eBhYYmEez7A=AfF4eA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GHjcjENmUVZut1KIh5v-YmOEtRM>
Subject: Re: [lamps] Call for adoption of draft-housley-lamps-3g-nftypes

Tiru:

> 1. Yes, this is a good topic to expand the Security Considerations.
> 
> 2. This seems pretty obvious to me, but I will think about a sentence or two for a more complete explanation.
> 
> Thanks. You may want to also discuss the privacy and security implications of using NFType in the certificate extension for RBAC. For example, (1) if TLS 1.2 is used by network functions, pervasive monitoring is possible for an attacker to identify the NFTypes visible in the TLS handshake and can potentially target a specific NFType (e.g., subject to DDoS or launch a targeted attack). (3) Misuse of NFType to gain additional privileges and what are the potential remediation techniques?

Yes, the certificate is plaintext when TLS 1.2 is used, and it is encrypted when TLS 1.3 or IKEv2 is used.

I'm not sure what you mean about misuse of the NFType.  Are you talking about the trusted CA putting the wrong NFType in the certificate?

Russ
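The thread above discusses how a relying party would act on the NFType values carried in a certificate extension, and Tiru's point (3) asks what a relying party can do about an NFType being used to obtain privileges it should not have. As an added illustration, not code from the draft or from either author, the block below is a self-contained DER encoder and decoder for the extension value plus a simple allow-list check. It assumes the extension value is `SEQUENCE SIZE (1..MAX) OF IA5String (SIZE (1..32))`, which is my recollection of the draft's ASN.1 and should be confirmed against the current text; the relying-party policy (`authorize`) and all sample values are constructed for the example.

```python
# Added example (not from draft-housley-lamps-3g-nftypes or its authors):
# minimal DER handling for an NFTypes extension value, assumed here to be
#   NFTypes ::= SEQUENCE SIZE (1..MAX) OF NFType
#   NFType  ::= IA5String (SIZE (1..32))
# plus a relying-party allow-list check. Confirm the ASN.1 against the draft.

IA5STRING_TAG = 0x16
SEQUENCE_TAG = 0x30
MAX_NFTYPE_LEN = 32  # assumed SIZE constraint on each NFType


def _der_length(n: int) -> bytes:
    """Encode a DER length (short or minimal long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_length(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; reject non-minimal encodings."""
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
        raise ValueError("unsupported or truncated DER length")
    n = int.from_bytes(buf[pos:pos + nbytes], "big")
    if len(_der_length(n)) != 1 + nbytes:
        raise ValueError("non-minimal DER length")
    return n, pos + nbytes


def validate_nftype(name: str) -> str:
    """Enforce the assumed IA5String (SIZE (1..32)) constraint."""
    if not 1 <= len(name) <= MAX_NFTYPE_LEN:
        raise ValueError("NFType length out of range")
    if not all(ord(c) < 128 for c in name):
        raise ValueError("NFType is not an IA5String")
    return name


def encode_nftypes(names) -> bytes:
    """DER-encode a non-empty list of NFType strings."""
    if not names:
        raise ValueError("at least one NFType is required")
    elems = b""
    for name in names:
        value = validate_nftype(name).encode("ascii")
        elems += bytes([IA5STRING_TAG]) + _der_length(len(value)) + value
    return bytes([SEQUENCE_TAG]) + _der_length(len(elems)) + elems


def decode_nftypes(der: bytes) -> list:
    """Strictly parse a DER NFTypes value back into a list of strings."""
    if not der or der[0] != SEQUENCE_TAG:
        raise ValueError("expected SEQUENCE")
    total, pos = _read_length(der, 1)
    end = pos + total
    if end != len(der):
        raise ValueError("trailing data or truncated SEQUENCE")
    names = []
    while pos < end:
        if der[pos] != IA5STRING_TAG:
            raise ValueError("expected IA5String element")
        n, pos = _read_length(der, pos + 1)
        if pos + n > end:
            raise ValueError("element overruns SEQUENCE")
        names.append(validate_nftype(der[pos:pos + n].decode("ascii")))
        pos += n
    if not names:
        raise ValueError("NFTypes must contain at least one NFType")
    return names


def authorize(asserted, allowed) -> bool:
    """Constructed relying-party policy: every NFType asserted in the
    certificate must be on the allow-list configured for this peer."""
    return bool(asserted) and set(asserted) <= set(allowed)


if __name__ == "__main__":
    der = encode_nftypes(["AMF", "SMF"])  # constructed sample values
    print(der.hex(), decode_nftypes(der))
    print(authorize(decode_nftypes(der), {"AMF", "SMF"}))
```

The strict decoder matters for the relying-party side: a certificate extension is attacker-influenced input only to the extent the issuing CA lets it be, but a parser that tolerates non-minimal lengths or trailing bytes is the usual place where two implementations disagree about what a certificate says, and the allow-list check is only as good as the parse that feeds it.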