Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)

Tero Kivinen <kivinen@iki.fi> Mon, 13 November 2017 11:48 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9DD2127333; Mon, 13 Nov 2017 03:48:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.12
X-Spam-Level:
X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BBsXdLmO0gob; Mon, 13 Nov 2017 03:48:46 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [212.16.101.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4B48124BFA; Mon, 13 Nov 2017 03:48:45 -0800 (PST)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id vADBlrf3027198 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 13 Nov 2017 13:47:56 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id vADBlkIE003143; Mon, 13 Nov 2017 13:47:46 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <23049.34402.690826.271705@fireball.acr.fi>
Date: Mon, 13 Nov 2017 13:47:46 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: David Mazieres expires 2018-02-10 PST <mazieres-efwdaehigee67mibbkuh9en4yw@temporary-address.scs.stanford.edu>
Cc: "Black\, David" <David.Black@dell.com>, Eric Rescorla <ekr@rtfm.com>, "tcpinc\@ietf.org" <tcpinc@ietf.org>, Kyle Rose <krose@krose.org>, "tcpinc-chairs\@ietf.org" <tcpinc-chairs@ietf.org>, "Mirja Kuehlewind \(IETF\)" <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>, "draft-ietf-tcpinc-tcpeno\@ietf.org" <draft-ietf-tcpinc-tcpeno@ietf.org>
In-Reply-To: <877euu7hy0.fsf@ta.scs.stanford.edu>
References: <151036581280.449.10740505473540594433.idtracker@ietfa.amsl.com> <CE03DB3D7B45C245BCA0D243277949362FD495EF@MX307CL04.corp.emc.com> <CABcZeBPfk6Pi=_UPvTBaS9jQBYjExUdqkdX5Q--iUuyCv_qZtw@mail.gmail.com> <CAJU8_nWpVhm4oTT+SLyG-nk=ww7nBU-DaVe86rUU-LGGqJvHvQ@mail.gmail.com> <CABcZeBO0TD0KnpTfe6CbHUoiS=FmGiGW6r_mFMH_9bYFWKqKLA@mail.gmail.com> <CABcZeBNp=1c1cx0+nJezjWy_Q4N9-PUeQuqOU_k7A7KhRj18EQ@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD4BB57@MX307CL04.corp.emc.com> <CABcZeBPL2mVFtsL77Bdr=BUf7cb+qe_+Wxq42AtoohHmSmJaCg@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD4BDAB@MX307CL04.corp.emc.com> <877euu7hy0.fsf@ta.scs.stanford.edu>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 13 min
X-Total-Time: 13 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/NP99N4EGkgPDYpuHnkMoTe_0Yqk>
Subject: Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 11:48:47 -0000

David Mazieres writes:
>    o  TEPs MUST NOT permit the use of encryption algorithms with a
>       security strength [SP800-57part1] of less than 120 bits.  The
>       intent of this requirement is to allow the use of algorithms such
>       as AES-128 [AES] that are designed for 128-bit security and still
>       widely considered secure even after losing a few bits of security
>       to highly theoretical attacks.

Just side comment about all this MUST / MUST NOT discussion. Remember
that there is going to be customer coming to you at one point and
asking you to show the line numbers which implements each MUST and
MUST NOT in the code, as their auditor required that information
before they allow product to be certified. Then you will curse all
those people who wrote the document and added all kind of MUSTs and
MUST NOTs to which cannot be verified.

I think both cases here are something that only limit the future IESG
or TEPs, and does not really need upper case MUST, and also mostly are
not even implementation or protocol issues but policy issues. And I
myself would recommend writing them in non-conformant manner just to
make implementors life easier.

And yes, I did get request from support asking me to provide line
numbers which implement the RFC7296 text saying "field X MUST NOT be
zero", so they can pass them to customers who is going to pass it to
audit lab... My original answer was "all of the lines", but I think
support converted it to more suitable answer.
-- 
kivinen@iki.fi