IETF Logo Mail Archive

Re: [Tcpcrypt] v3 of the charter

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 30 April 2014 21:03 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6178B1A0852 for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 14:03:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jWc0PUvpDFII for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 14:03:10 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id A71A81A063B for <tcpcrypt@ietf.org>; Wed, 30 Apr 2014 14:03:10 -0700 (PDT)
Received: from [10.70.10.85] (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 9374CF984; Wed, 30 Apr 2014 17:03:07 -0400 (EDT)
Message-ID: <536164FF.6000908@fifthhorseman.net>
Date: Wed, 30 Apr 2014 17:02:55 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.3.0
MIME-Version: 1.0
To: "Eggert, Lars" <lars@netapp.com>, Marcelo Bagnulo <marcelo@it.uc3m.es>
References: <536099A0.30900@it.uc3m.es> <23862F2E-9D56-4651-9202-FC676D15720B@netapp.com>
In-Reply-To: <23862F2E-9D56-4651-9202-FC676D15720B@netapp.com>
X-Enigmail-Version: 1.6+git0.20140323
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="SMPsPEkAQ60mrSjltSnjgBK97lU1gBGB1"
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/I87zpuDkWS5egtAabfDF3UYnhRY
Cc: "tcpcrypt@ietf.org" <tcpcrypt@ietf.org>
Subject: Re: [Tcpcrypt] v3 of the charter
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 21:03:15 -0000

On 04/30/2014 04:20 AM, Eggert, Lars wrote:
> Is it desirable to have a model where you're vulnerable to MiM the first time you connect to a server, but not afterwards? (Like what SSH provides in terms of warning when the server key has changed?)

I'd call this trust-on-first-use (TOFU) or leap-of-faith (LoF).  I'm not
sure it's appropriate for TCP Inc as currently designed, because these
models have serious problems with re-keying events.  In particular, what
do we expect a TCP Inc client to do if a host's key changes?  If it
aborts the connection, then we've violated the "don't display state to
the normual user" approach.  If it falls back to cleartext, then we're
back to plain TCP, unprotected even against passive attackers.

Keys get compromised; hosts fail and need to be rebuilt; there are
legitimate reasons to re-key.  If TOFU or LoF deals poorly with those
circumstances, and we include TOFU/LoF in TCP Inc, it would make
thoughtful sysadmins wary of rolling out TCP Inc, out of fear of what it
would do for their reachability.

this isn't to say that a layer above TCP Inc couldn't do TOFU or LoF,
based on the authentication hooks provided by TCP Inc, of course,
assuming that the authentication hooks are built in a way to support
that behavior.  But i don't think it belongs in TCP Inc itself as
currently framed.

	--dkg

v2.23.0 | Report a Bug | By Email