IETF Logo Mail Archive

Re: [stir] Permitted spoofing

Dave Crocker <dhc2@dcrocker.net> Tue, 11 June 2013 16:12 UTC

Return-Path: <dhc2@dcrocker.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5E1621F960F for <stir@ietfa.amsl.com>; Tue, 11 Jun 2013 09:12:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t2N1rTHA+iDg for <stir@ietfa.amsl.com>; Tue, 11 Jun 2013 09:12:38 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id D62BD21F962D for <stir@ietf.org>; Tue, 11 Jun 2013 09:12:35 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net [76.218.9.215]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r5BGCPbh018070 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 11 Jun 2013 09:12:28 -0700
Message-ID: <51B74C64.4070302@dcrocker.net>
Date: Tue, 11 Jun 2013 09:12:20 -0700
From: Dave Crocker <dhc2@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: "Rosen, Brian" <Brian.Rosen@neustar.biz>
References: <5DDB5576-CAEF-453C-8C90-0C6709DAD84F@neustar.biz> <172B7D9C-1E4F-49C7-90E5-5848682625CF@cs.columbia.edu> <15ABDCF6-F127-4E8B-807F-FC3FAD78B905@oracle.com> <00C069FD01E0324C9FFCADF539701DB3A03DAAEF@ex2k10mb2.corp.yaanatech.com> <E18AFC23-F162-4EEE-AAC1-FEA53438E15A@oracle.com> <00C069FD01E0324C9FFCADF539701DB3A03DB34C@ex2k10mb2.corp.yaanatech.com> <02A4880B-8DBE-48D8-A5EC-DD82EC282527@neustar.biz>
In-Reply-To: <02A4880B-8DBE-48D8-A5EC-DD82EC282527@neustar.biz>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Tue, 11 Jun 2013 09:12:29 -0700 (PDT)
Cc: "hadriel.kaplan@oracle.com" <hadriel.kaplan@oracle.com>, Michael Hammer <michael.hammer@yaanatech.com>, "stir@ietf.org" <stir@ietf.org>, "hgs@cs.columbia.edu" <hgs@cs.columbia.edu>
Subject: Re: [stir] Permitted spoofing
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 16:12:44 -0000

On 6/11/2013 6:03 AM, Rosen, Brian wrote:
> MITM is a potential problem, which would be desirable to cut off, but it's not the stated problem we're trying to solve.
>
> There may be some number of service providers in the path that are tolerant of the problem, but not really complicit.


This could have a pretty substantial effect on design choices.

For example, session-based SSL authentication -- that is, without server 
validation (certs) -- permits MITM, which seems to be often/generally 
acceptable in terms of actual practice, although rhetoric claims otherwise.

But in general, I've had the impression that any effort at 
authentication or confidentiality comes with an expectation of 
resistance to MITM compromises.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email