Re: [Tzdist] Stephen Farrell's No Objection on draft-ietf-tzdist-caldav-timezone-ref-04: (with COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 05 October 2015 16:25 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tzdist@ietfa.amsl.com
Delivered-To: tzdist@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26DB01A1ADF; Mon, 5 Oct 2015 09:25:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.711
X-Spam-Level:
X-Spam-Status: No, score=-3.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L6QmBoee8Zdz; Mon, 5 Oct 2015 09:25:23 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 517651A1B5D; Mon, 5 Oct 2015 09:23:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1907DBDCB; Mon, 5 Oct 2015 17:23:29 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Xxlj3DhjqH4; Mon, 5 Oct 2015 17:23:27 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.26.211]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 34EC1BE49; Mon, 5 Oct 2015 17:23:26 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1444062207; bh=eL3whtK4qqeRTkiImbnYPOTDUSXrgvR5IEob+GZt2Mg=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=qnzPpitiQqKpWjB4QOGcJepAPZ8RTNb9PRQPXCCK6xfWCSOllsFuFnS0R28RZZD+K tLIKZlViTku1vYyTp2G+hGW2uuZgAZUGKer267Gl4mt2EsHXxsMpmTwJFwDBZQ3aV/ NUmPp/OWahYTDfx5pGQIxZUclhp0c/hPF2gdgOGg=
To: Cyrus Daboo <cyrus@daboo.name>, The IESG <iesg@ietf.org>
References: <20150930135935.9433.76218.idtracker@ietfa.amsl.com> <31C472AFF9FCDED2E9D8A031@cyrus.local>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
X-Enigmail-Draft-Status: N1110
Message-ID: <5612A3FD.5060206@cs.tcd.ie>
Date: Mon, 05 Oct 2015 17:23:25 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <31C472AFF9FCDED2E9D8A031@cyrus.local>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tzdist/guGBkXcoiaJ3SEPyi2YLsJOm9E8>
Cc: tzdist@ietf.org, draft-ietf-tzdist-caldav-timezone-ref.shepherd@ietf.org, draft-ietf-tzdist-caldav-timezone-ref@ietf.org, draft-ietf-tzdist-caldav-timezone-ref.ad@ietf.org, tzdist-chairs@ietf.org
Subject: Re: [Tzdist] Stephen Farrell's No Objection on draft-ietf-tzdist-caldav-timezone-ref-04: (with COMMENT)
X-BeenThere: tzdist@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <tzdist.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tzdist>, <mailto:tzdist-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tzdist/>
List-Post: <mailto:tzdist@ietf.org>
List-Help: <mailto:tzdist-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tzdist>, <mailto:tzdist-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 16:25:27 -0000
Hiya, All below is good, couple of notes below but no pressing need to follow up further - handling it as you suggest is good. On 05/10/15 16:52, Cyrus Daboo wrote: > Hi Stephen, > > --On September 30, 2015 at 6:59:35 AM -0700 Stephen Farrell > <stephen.farrell@cs.tcd.ie> wrote: > >> - 3.1.2: The tzdist protocol says clients SHOULD use TLS. A >> question then is ought servers here (be able to) include trust >> point information for tzdist for the service in question when >> they tell a client to use a particular tzdist service? > > As in the CalDAV server includes some certificate information about the > tzdist servers it connects to, so the clients can verify they see the > same details when they connect? I think that is probably going a step > too far given all the usual requirements to verify the tzdist service > certs. Fair enough. It wouldn't be what's usually done, true. It might be better though if (in general) we moved from naming via DNS to naming via DNS+some keying material. But that'd probably be better done when more major changes are being made. > >> - Given the three points below, maybe it is worth specifying >> some 'background' kind of traffic to be sent between client and >> tzdist services? What do you think? I note you didn't answer here, but that's ok. A separate spec (e.g. "privacy friendly guidelines for developing caldav clients") could be developed for that (or for caldav in general) at some other time I guess. >> >> - section 4, point 5: that seems onerous - is a client supposed >> to retrieve all known timezones from all servers? What if/when >> those change? > > The client definitely needs to retrive the full time zone data for any > time zones it is using in calendar data - there is no way around that. > Beyond that they are really not required to retrive all time zone data. > For those time zones they do retrive, they do need to keep those up to > date by following suggestions in the tzdist protocol spec. > >> - section 8: missing privacy issue: if I create an event using a >> weird TZ and can see who accesses the tzdist service, then I can >> find out who is subscribed to some calendars maybe. Worth >> noting? I don't see what can be done about it, except maybe to >> ask clients to occasionally make a random query to the tzdist >> service just to confuse matters, but that'd also have downsides >> if not done well. > > I will add a new Privacy Considerations section that references the > tzdist protocol privacy section (which is very comprehensive): > > 9. Privacy Considerations > > The privacy recommendations in Section 9 of the Time Zone Data > Distribution Service [I-D.ietf-tzdist-service] specification SHOULD > be used to ensure that details of clients' interactions with CalDAV > servers are not exposed to potential network observers. That's good but I do think there's a new twist here. The 9th bullet in that reference does talk about a fake TZ for tracking but only says a server could do that. With this spec, I think we're extending the issue to anyone who can create an event (if a server supports an unknown TZ or if we just use a lesser used TZ). If I'm right there, then I'd argue to maybe recognise that here, e.g. by adding something like "This specification extends the potential privacy issues discussed in [service] to anyone who can create a calendar event e.g. with a fake or lesser-used TZ." > >> - section 8: missing security issue: if a lot of clients are >> fetching this information from a tzdist server, then that >> becomes an interesting thing to attack as the consequences could >> be significant. Maybe worth noting just to encourage folks to >> (document their code so as to get others to) think about this >> when deploying. > > I can add the following as a new paragraph in the security considerations: > > This specifications adds Time Zone Data Distribution Service > [I-D.ietf-tzdist-service] servers into the overall calendaring and > scheduling client/server architecture, as a critical component, and > thus adds a new vector of attack against such systems. As such, > administrators of CalDAV servers SHOULD ensure that any advertised > time zone distribution servers are protected by a level of security > commensurate with all the other components in the system. Nice. Cheers, S. > >
- [Tzdist] Stephen Farrell's No Objection on draft-… Stephen Farrell
- Re: [Tzdist] Stephen Farrell's No Objection on dr… Cyrus Daboo
- Re: [Tzdist] Stephen Farrell's No Objection on dr… Stephen Farrell
- Re: [Tzdist] Stephen Farrell's No Objection on dr… Cyrus Daboo
- Re: [Tzdist] Stephen Farrell's No Objection on dr… Cyrus Daboo
- Re: [Tzdist] Stephen Farrell's No Objection on dr… Stephen Farrell
- Re: [Tzdist] Stephen Farrell's No Objection on dr… Barry Leiba
- Re: [Tzdist] Stephen Farrell's No Objection on dr… Cyrus Daboo