IETF Logo Mail Archive

Re: [Tzdist] Stephen Farrell's No Objection on draft-ietf-tzdist-caldav-timezone-ref-04: (with COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 05 October 2015 16:25 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tzdist@ietfa.amsl.com
Delivered-To: tzdist@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26DB01A1ADF; Mon, 5 Oct 2015 09:25:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.711
X-Spam-Level:
X-Spam-Status: No, score=-3.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L6QmBoee8Zdz; Mon, 5 Oct 2015 09:25:23 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 517651A1B5D; Mon, 5 Oct 2015 09:23:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1907DBDCB; Mon, 5 Oct 2015 17:23:29 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Xxlj3DhjqH4; Mon, 5 Oct 2015 17:23:27 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.26.211]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 34EC1BE49; Mon, 5 Oct 2015 17:23:26 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1444062207; bh=eL3whtK4qqeRTkiImbnYPOTDUSXrgvR5IEob+GZt2Mg=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=qnzPpitiQqKpWjB4QOGcJepAPZ8RTNb9PRQPXCCK6xfWCSOllsFuFnS0R28RZZD+K tLIKZlViTku1vYyTp2G+hGW2uuZgAZUGKer267Gl4mt2EsHXxsMpmTwJFwDBZQ3aV/ NUmPp/OWahYTDfx5pGQIxZUclhp0c/hPF2gdgOGg=
To: Cyrus Daboo <cyrus@daboo.name>, The IESG <iesg@ietf.org>
References: <20150930135935.9433.76218.idtracker@ietfa.amsl.com> <31C472AFF9FCDED2E9D8A031@cyrus.local>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
X-Enigmail-Draft-Status: N1110
Message-ID: <5612A3FD.5060206@cs.tcd.ie>
Date: Mon, 05 Oct 2015 17:23:25 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <31C472AFF9FCDED2E9D8A031@cyrus.local>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tzdist/guGBkXcoiaJ3SEPyi2YLsJOm9E8>
Cc: tzdist@ietf.org, draft-ietf-tzdist-caldav-timezone-ref.shepherd@ietf.org, draft-ietf-tzdist-caldav-timezone-ref@ietf.org, draft-ietf-tzdist-caldav-timezone-ref.ad@ietf.org, tzdist-chairs@ietf.org
Subject: Re: [Tzdist] Stephen Farrell's No Objection on draft-ietf-tzdist-caldav-timezone-ref-04: (with COMMENT)
X-BeenThere: tzdist@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <tzdist.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tzdist>, <mailto:tzdist-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tzdist/>
List-Post: <mailto:tzdist@ietf.org>
List-Help: <mailto:tzdist-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tzdist>, <mailto:tzdist-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 16:25:27 -0000

Hiya,

All below is good, couple of notes below but no pressing need to
follow up further - handling it as you suggest is good.

On 05/10/15 16:52, Cyrus Daboo wrote:
> Hi Stephen,
> 
> --On September 30, 2015 at 6:59:35 AM -0700 Stephen Farrell
> <stephen.farrell@cs.tcd.ie> wrote:
> 
>> - 3.1.2: The tzdist protocol says clients SHOULD use TLS. A
>> question then is ought servers here (be able to) include trust
>> point information for tzdist for the service in question when
>> they tell a client to use a particular tzdist service?
> 
> As in the CalDAV server includes some certificate information about the
> tzdist servers it connects to, so the clients can verify they see the
> same details when they connect? I think that is probably going a step
> too far given all the usual requirements to verify the tzdist service
> certs.

Fair enough. It wouldn't be what's usually done, true. It might be
better though if (in general) we moved from naming via DNS to naming
via DNS+some keying material. But that'd probably be better done
when more major changes are being made.

> 
>> - Given the three points below, maybe it is worth specifying
>> some 'background' kind of traffic to be sent between client and
>> tzdist services? What do you think?

I note you didn't answer here, but that's ok. A separate spec
(e.g. "privacy friendly guidelines for developing caldav clients")
could be developed for that (or for caldav in general) at some
other time I guess.

>>
>> - section 4, point 5: that seems onerous - is a client supposed
>> to retrieve all known timezones from all servers?  What if/when
>> those change?
> 
> The client definitely needs to retrive the full time zone data for any
> time zones it is using in calendar data - there is no way around that.
> Beyond that they are really not required to retrive all time zone data.
> For those time zones they do retrive, they do need to keep those up to
> date by following suggestions in the tzdist protocol spec.
> 
>> - section 8: missing privacy issue: if I create an event using a
>> weird TZ and can see who accesses the tzdist service, then I can
>> find out who is subscribed to some calendars maybe. Worth
>> noting? I don't see what can be done about it, except maybe to
>> ask clients to occasionally make a random query to the tzdist
>> service just to confuse matters, but that'd also have downsides
>> if not done well.
> 
> I will add a new Privacy Considerations section that references the
> tzdist protocol privacy section (which is very comprehensive):
> 
> 9.  Privacy Considerations
> 
>   The privacy recommendations in Section 9 of the Time Zone Data
>   Distribution Service [I-D.ietf-tzdist-service] specification SHOULD
>   be used to ensure that details of clients' interactions with CalDAV
>   servers are not exposed to potential network observers.

That's good but I do think there's a new twist here. The 9th
bullet in that reference does talk about a fake TZ for tracking
but only says a server could do that. With this spec, I think
we're extending the issue to anyone who can create an event
(if a server supports an unknown TZ or if we just use a lesser
used TZ). If I'm right there, then I'd argue to maybe recognise
that here, e.g. by adding something like "This specification
extends the potential privacy issues discussed in [service]
to anyone who can create a calendar event e.g. with a fake or
lesser-used TZ."

> 
>> - section 8: missing security issue: if a lot of clients are
>> fetching this information from a tzdist server, then that
>> becomes an interesting thing to attack as the consequences could
>> be significant. Maybe worth noting just to encourage folks to
>> (document their code so as to get others to) think about this
>> when deploying.
> 
> I can add the following as a new paragraph in the security considerations:
> 
>   This specifications adds Time Zone Data Distribution Service
>   [I-D.ietf-tzdist-service] servers into the overall calendaring and
>   scheduling client/server architecture, as a critical component, and
>   thus adds a new vector of attack against such systems.  As such,
>   administrators of CalDAV servers SHOULD ensure that any advertised
>   time zone distribution servers are protected by a level of security
>   commensurate with all the other components in the system.

Nice.

Cheers,
S.


> 
>

v2.23.0 | Report a Bug | By Email