Re: [Taps] Secdir early review of draft-ietf-taps-transport-security-04
Christopher Wood <christopherwood07@gmail.com> Wed, 27 February 2019 15:48 UTC
Return-Path: <christopherwood07@gmail.com>
X-Original-To: taps@ietfa.amsl.com
Delivered-To: taps@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1135131023; Wed, 27 Feb 2019 07:48:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bw_ZfavhSN8F; Wed, 27 Feb 2019 07:48:37 -0800 (PST)
Received: from mail-yw1-xc2e.google.com (mail-yw1-xc2e.google.com [IPv6:2607:f8b0:4864:20::c2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F8DE130FE9; Wed, 27 Feb 2019 07:48:37 -0800 (PST)
Received: by mail-yw1-xc2e.google.com with SMTP id k14so8436586ywe.4; Wed, 27 Feb 2019 07:48:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=0gm1MZ+OidvCx0F6JPOEA4VUppThM82emWOOoB3LTgw=; b=cW05JHvv6GY/UoCHXvU6SZDwoGCOmnbgnKoc0RNky5oeXzzSx1HX0+GQ7ghIJctpWp 5b4AnguREaansjdiGhe0QSqFGi+W30DyxcjrBydwIRoM38KQ4naBHztwrOnRIbJ8sEY7 uUxiA3a8T6nyJZR1o45DKgQwu2kQBXivzWtG8+s0msSWDEW076wuWIwzt6uAzyrdF/PE kZxf+L0akWewPs4HT82WGzX3okvgNjpQajtSsQm8aT92A66WeMS3CK228n6M20Z61ijo JVGIjWI2o6mpY7WGS0kDFbJZFHaN5ZS1cGeEhj8sQcivWYl0ocVVW2+tPaRJEOcJ12V8 Livg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=0gm1MZ+OidvCx0F6JPOEA4VUppThM82emWOOoB3LTgw=; b=jLxpkFBYeF4qQpaXqFN+cFB8mncsp5HQSa1klTeuCk96fodlwt/W1UlsBzblELkjCm b2UcdUqERN3Tm63F0jnCOpFodtwozql0hLBXa2IUCVRYzKaoFCfQr2i6t2NDB00+3thn XMWAuCdDqdxPgtg7vZoZQPlyOdW8GAHNXi8lIwJJ8s6VDY5SAPNMw2JYzqWk2RWD9+RQ 3nf5rxblVZdLyY90xbd8iER8d5U/xEzV/1scp56Zg5mvDlDePex4RMnuB3uvZ4QwlW6Y eC8UkVS1e7OERCYyqdk3MVvjig+VHDemhslEoPqHZKfjQiGeWD8dSm+epwWzBcWDCDTv hthw==
X-Gm-Message-State: AHQUAuYawn5xttWB0pP93Fd3buGFHB67uOX387XRBO2pfeTJ1ihxON5f lkAUjXgi5gPnaI1Ox3aD/vfw+Vrqg7VGvqsvTrs=
X-Google-Smtp-Source: AHgI3IY/7b8EpWev6dZJSMh+U7ZgNkEna/oNa/zZC4HxHD0iryUOZcl9AI3jQbbSul6e+1+iSZyD/w/xlxMC0K2jau4=
X-Received: by 2002:a25:d64e:: with SMTP id n75mr2424522ybg.199.1551282516499; Wed, 27 Feb 2019 07:48:36 -0800 (PST)
MIME-Version: 1.0
References: <154321083813.24275.4373340388504093292@ietfa.amsl.com> <03808BD3-11AA-4010-9B8D-7E33EC1FE39B@gmail.com> <CAO8oSX=36n3v0vnUxki8bVHs5_NE3K55Wn=UCUeiEqpvChASWA@mail.gmail.com> <alpine.LRH.2.21.1902271005140.3041@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1902271005140.3041@bofh.nohats.ca>
From: Christopher Wood <christopherwood07@gmail.com>
Date: Wed, 27 Feb 2019 07:48:25 -0800
Message-ID: <CAO8oSXk1htxBMS6gajapSGp=xVHO2XgtxSpUgTRfFUfju-Ov+Q@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: secdir <secdir@ietf.org>, draft-ietf-taps-transport-security.all@ietf.org, taps WG <taps@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/CgXl0mtK5vUHlookzw3EIjt324A>
Subject: Re: [Taps] Secdir early review of draft-ietf-taps-transport-security-04
X-BeenThere: taps@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IETF Transport Services \(TAPS\) Working Group" <taps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/taps>, <mailto:taps-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/taps/>
List-Post: <mailto:taps@ietf.org>
List-Help: <mailto:taps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/taps>, <mailto:taps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 15:48:47 -0000
On Wed, Feb 27, 2019 at 7:29 AM Paul Wouters <paul@nohats.ca> wrote: > > On Tue, 26 Feb 2019, Christopher Wood wrote: > > > We just posted a revision to this document incorporating updates based > > on your comments [1]. (Thanks again for your careful review!) If you > > have time to check the diffs, we would greatly appreciate any more > > feedback you may have. > > In general, the changes look good to me, although I still have > reservations about some of the toy protocols mentioned which just gives > them too much credibility. Thanks for adding openvpn. I see you did not > add openconnect/anyconnect, and kept in curvecp/minimalt. Not my > preference but if that's what the WG wants, I'm okay with it. > > Note that the latest openvpn version now uses AES-GCM per default, so > perhaps you can excorsise blowfish from the document because Bruce > said not to use it like over a decade ago. If you do mention blowfish, > I think it should come with a big disclaimer to ensure people don't > think IETF belives it's okay to use. And I don't think we need to > point people to blowfish in the reference section. > (see https://openvpn.net/community-downloads/) Good to know. Consider blowfish gone. > Just a few remaining questionts/comments left: > > >>> WireGuard is designed to be entirely stateless, modulo the > >>> CryptoKey > >>> routing table, > >>> > >>> Wouldn't you be able to say the same about the ESP SPD/SAD table? I'm > >>> not sure > >>> how different the ESP/wireguard statelessness is on a scale or truly > >>> stateless > >>> to NFS > > I'm still a bit concerned about the "designed to be entirely stateless". > As I said before, that's more of a marketing gimmick than an actual > technical property. Every VPN like protocol is stateless except for the > state it needs (a rule database, counters, crypto keys). I would suggest > removing this entire sentence: > > WireGuard is designed to be entirely stateless, modulo the CryptoKey > routing table, which has size linear with the number of trusted > peers. Good suggestion! I'll take it for the next update. > > >>> You do not mention mobility or session resumption for WireGuard. Since > >>> it is > >>> all about static inner IP addresses over arbitrary outer addresses, it > >>> has > >>> mobility. And I guess the 1RTT means it has session resumption? > > You did not add these to the wireguard feature list. Whoops -- missed this. I'll add mobility (they call it roaming), though there is no session resumption, if I understand correctly. I'll work with Jason afterwards to make sure this section is accurate. > > >>> 5.1: > >>> > >>> Listed as mandatory feature is: > >>> > >>> o Public-key certificate based authentication. > >>> > >>> Yet you have mentioned that neither WireGuard or CurveCP can do > >>> authentication > >>> based on certificates? > >> > >> Indeed. This should read, “Public-key (raw or certificate) based > >> authentication.” > > It seems you decided to completely remove the mandatory requirement? > What that on purpose or by accident? Intentional! We felt that unilateral responder authentication was more fitting here. Thanks again, Chris
- [Taps] Secdir early review of draft-ietf-taps-tra… Paul Wouters
- Re: [Taps] Secdir early review of draft-ietf-taps… Christopher Wood
- Re: [Taps] Secdir early review of draft-ietf-taps… Christopher Wood
- Re: [Taps] Secdir early review of draft-ietf-taps… Paul Wouters
- Re: [Taps] Secdir early review of draft-ietf-taps… Christopher Wood