review of draft-ietf-dnsext-dnssec-gost-05

From lisa.dusseault@gmail.com Thu Dec 31 07:55:08 2009 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 961FA3A6A1A; Thu, 31 Dec 2009 07:55:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.507 X-Spam-Level: X-Spam-Status: No, score=-2.507 tagged_above=-999 required=5 tests=[AWL=0.092, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V3t9039gi4ry; Thu, 31 Dec 2009 07:55:08 -0800 (PST) Received: from mail-vw0-f193.google.com (mail-vw0-f193.google.com [209.85.212.193]) by core3.amsl.com (Postfix) with ESMTP id BFF7E3A68C2; Thu, 31 Dec 2009 07:55:07 -0800 (PST) Received: by vws31 with SMTP id 31so4281828vws.29 for ; Thu, 31 Dec 2009 07:54:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=9ptoqeXQNvxnjQSc6hRewaBlOkQAY5+c6EmedZhlk8A=; b=l31bfLCEzosTaSufPias9n82PA0mg+aD7GOEX5HztQ/yz39FAWe6Wlo3iYOeX4lC5I +lG1UY+JDiGdIvEHvI4v5T92tr558+tVYyiJaoOfiElozHVGdGRnMVEx1PfF9nVSzKp5 ruYHZId311s/TRVQU0ec+yovple8KwhCPWDPQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=s0YSmgDzTmTyteGvH7LSlpdUZCwDDopXQ5w6NKqf33dmpTiZUN8jI6VtdOyOeaTKmU lZQPfyoS5TRiL8lEc1qQdB++4/5JUciA+26JVqyWo0GALH0uYFmq22QmSwi3c1gofFbA AK6iktXHXL8usLiiFYLn4jUaM0vfF9C5G6F+E= MIME-Version: 1.0 Received: by 10.220.65.200 with SMTP id k8mr1407161vci.56.1262274884504; Thu, 31 Dec 2009 07:54:44 -0800 (PST) In-Reply-To: References: Date: Thu, 31 Dec 2009 07:54:44 -0800 Message-ID: From: Lisa Dusseault To: Chris Lonvick Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Sat, 02 Jan 2010 19:21:49 -0800 Cc: victoriano@uma.es, r.mcduff@uq.edu.au, secdir-secretary@mit.edu, iesg@ietf.org, secdir@ietf.org Subject: Re: [secdir] SECDIR review of draft-giralt-schac-ns X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2009 15:55:08 -0000 On Wed, Dec 30, 2009 at 8:33 PM, Chris Lonvick wrote: > Hi, ... > First off, can we get the status of the document straightened out? =A0The > document says that it's STANDARDS TRACK but idtracker says that it's > INFORMATIONAL. I believe it should be Informational. Victoriano, was this a glitch in producing version 02 of the document? Thanks, Lisa From abegen@cisco.com Thu Dec 31 13:50:53 2009 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 204FA3A6829; Thu, 31 Dec 2009 13:50:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.307 X-Spam-Level: X-Spam-Status: No, score=-8.307 tagged_above=-999 required=5 tests=[AWL=2.292, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1KeAYbeGRcvW; Thu, 31 Dec 2009 13:50:52 -0800 (PST) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 579573A67B6; Thu, 31 Dec 2009 13:50:52 -0800 (PST) Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApwEABqrPEurRN+J/2dsb2JhbACDaJY1pXqHAI0tgS2CLlYE X-IronPort-AV: E=Sophos;i="4.47,483,1257120000"; d="scan'208";a="126922771" Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-5.cisco.com with ESMTP; 31 Dec 2009 21:50:31 +0000 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id nBVLoVd4022320; Thu, 31 Dec 2009 21:50:31 GMT Received: from xmb-sjc-215.amer.cisco.com ([171.70.151.169]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 31 Dec 2009 13:50:31 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Date: Thu, 31 Dec 2009 13:50:33 -0800 Message-ID: <04CAD96D4C5A3D48B1919248A8FE0D540AEEF9F6@xmb-sjc-215.amer.cisco.com> In-Reply-To: <1262286190.65839253@192.168.2.230> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: secdir review of draft-ietf-fecframe-dvb-al-fec Thread-Index: AcqKS+ZAvjIymBIfTya5iawFIl1ZHgAFtwgA References: <1262286190.65839253@192.168.2.230> From: "Ali C. Begen (abegen)" To: , , , , X-OriginalArrivalTime: 31 Dec 2009 21:50:31.0886 (UTC) FILETIME=[4645DEE0:01CA8A63] X-Mailman-Approved-At: Sat, 02 Jan 2010 19:21:49 -0800 Subject: Re: [secdir] secdir review of draft-ietf-fecframe-dvb-al-fec X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2009 21:50:53 -0000 SGkgU2NvdHQsDQoNCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gRnJvbTogc2NvdHRA aHlwZXJ0aG91Z2h0LmNvbSBbbWFpbHRvOnNjb3R0QGh5cGVydGhvdWdodC5jb21dDQo+IFNlbnQ6 IFRodXJzZGF5LCBEZWNlbWJlciAzMSwgMjAwOSAyOjAzIFBNDQo+IFRvOiBpZXNnQGlldGYub3Jn OyBzZWNkaXJAaWV0Zi5vcmc7IEFsaSBDLiBCZWdlbiAoYWJlZ2VuKTsgc3RvY2toYW1tZXJAbm9t b3IuZGU7IGZlY2ZyYW1lLQ0KPiBjaGFpcnNAdG9vbHMuaWV0Zi5vcmcNCj4gU3ViamVjdDogc2Vj ZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWZlY2ZyYW1lLWR2Yi1hbC1mZWMNCj4gDQo+IEkgaGF2 ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9y YXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8NCj4gcmV2aWV3IGFsbCBJRVRGIGRvY3VtZW50cyBiZWlu ZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuICBUaGVzZSBjb21tZW50cyB3ZXJlIHdyaXR0ZW4NCj4g cHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYSBkaXJlY3RvcnMu ICBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMNCj4gc2hvdWxkIHRyZWF0IHRoZXNlIGNv bW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLg0KDQpUaGFua3Mg Zm9yIHRoZSByZXZpZXcuDQogDQo+IFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIGltcGxlbWVudGF0 aW9uIG9mIGEgZm9yd2FyZCBlcnJvciBjb3JyZWN0aW9uIHByb3RvY29sIG92ZXIgUlRQDQo+IHVz aW5nIGFscmVhZHktZGVmaW5lZCBwcm90b2NvbCBlbGVtZW50cy4gVGhlIHByb3RvY29sIHdhcyBv cmlnaW5hbGx5IGRlZmluZWQgYnkgYW4gRVRTSQ0KPiBncm91cC4NCj4gDQo+IFRoZSBzZWN1cml0 eSBjb25zaWRlcmF0aW9ucyBzZWN0aW9uIHNheXMsICJUaGlzIHNwZWNpZmljYXRpb24gYWRkcyBu byBuZXcgc2VjdXJpdHkNCj4gY29uc2lkZXJhdGlvbnMgdG8gdGhlIERWQi1JUFRWIEFMLUZFQyBw cm90b2NvbCIsIHdoaWNoIEkgdGFrZSB0byBtZWFuIHRoYXQgdGhlIGF1dGhvcnMgc2VlDQo+IG5v IHdheSBpbiB3aGljaCB0aGUgcHJvcG9zZWQgYXBwcm9hY2ggY2hhbmdlcyB0aGUgc2VjdXJpdHkg cHJvcGVydGllcyBvZiB0aGUgb3JpZ2luYWwgRVRTSQ0KPiBzcGVjaWZpY2F0aW9uLiBTaW5jZSB0 aGUgcHJvdG9jb2wgZG9lc24ndCBzZWVtIHRvIGltcGxlbWVudCBhbnkgc2VjdXJpdHkgZmVhdHVy ZXMsIEkgZ3Vlc3MNCj4gdGhpcyBpcyBwcm9iYWJseSBjb3JyZWN0LiBTdGlsbCwgaXQgbWlnaHQg YmUgYmV0dGVyIHRvIGFkZCBzb21lIGFkZGl0aW9uYWwgY29tbWVudGFyeSBzdWNoDQo+IGFzIHdo YXQgaXMgZm91bmQgaW4gdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHNlY3Rpb24gb2YgZHJh ZnQtaWV0Zi1mZWNmcmFtZS0NCj4gaW50ZXJsZWF2ZWQtZmVjLXNjaGVtZS0wNy50eHQgKG9yLCBw ZXJoYXBzIHBvaW50IHRvIHRoYXQgYW5kIHRoZSBmcmFtZXdvcmsgZG9jKS4NCg0KV2UgY2FuIGRv IHRoaXMuIEknZCBwcm9iYWJseSBwcmVmZXIgdG8gZG8gdGhpcyBtaW5vciBhZGRpdGlvbiBhZnRl ciBhbGwgSUVTRyBjb21tZW50cyBhcmUgcmVjZWl2ZWQuDQogDQo+IExhY2tpbmcgbXVjaCBuZWNl c3NhcnkgYmFja2dyb3VuZCBpbiB0aGlzIGFyZWEsIEkgZG9uJ3QgZmVlbCBxdWFsaWZpZWQgdG8g ZnVsbHkgZXZhbHVhdGUNCj4gdGhpcyBkb2N1bWVudC4gV2l0aCB0aGF0IGRlZmljaWVuY3kgbm90 ZWQsIHRoZSBvbmx5IHBvc3NpYmxlIHJlZCBmbGFnIEkgc2F3IGlzIHRoYXQgdGhlDQo+IEZFQyBw cm90b2NvbCByZXF1aXJlcyB0aGF0IHRoZSBTU1JDIGZpZWxkcyBvZiB0aGUgRkVDIGZyYW1lcyBi ZSBzZXQgdG8gMCwgd2hpbGUgU1JUUA0KPiByZXF1aXJlcyB1bmlxdWUgU1NSQyB2YWx1ZXMgZm9y IHNlY3VyaXR5IHJlYXNvbnMuIFdpdGggbXkgdmVyeSBsaW1pdGVkIGJhY2tncm91bmQsIEkgY2Fu J3QNCj4gYmUgc3VyZSBpZiB0aGVyZSBpcyBhbiBpbXBvcnRhbnQgc2VjdXJpdHkgaW50ZXJhY3Rp b24gaGVyZSBvciBub3QsIGJ1dCBpdCBzZWVtcyB3b3J0aA0KPiBhc2tpbmcgYWJvdXQuDQoNCkFn cmVlLCBob3dldmVyLCB0aGF0IGlzIG9uZSBvZiB0aGUgaXNzdWVzIEVUU0kvRFZCIHdhcyBub3Qg YWJsZSB0byBjaGFuZ2UgZHVlIHRvIGV4aXN0aW5nIGltcGxlbWVudGF0aW9ucyBpbiB0aGUgZmll bGQuIGRyYWZ0LWlldGYtZmVjZnJhbWUtaW50ZXJsZWF2ZWQtZmVjLXNjaGVtZSBkb2VzIG5vdCBo YXZlIHRoaXMgYnVnLCBidXQgdGhlIGFsLWZlYyBkcmFmdCBuZWVkcyB0byBzYXkgd2hhdCB0aGUg RVRTSSBzcGVjIGN1cnJlbnRseSByZXF1aXJlcy4NCg0KQ2hlZXJzIGFuZCBoYXBweSBuZXcgeWVh ci4NCi1hY2JlZ2VuDQoNCiANCj4gLS1TY290dA0KPiANCg0K From ekr@networkresonance.com Tue Jan 5 08:55:38 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2AD0228C15A; Tue, 5 Jan 2010 08:55:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.318 X-Spam-Level: * X-Spam-Status: No, score=1.318 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nXcefa2hlKeu; Tue, 5 Jan 2010 08:55:37 -0800 (PST) Received: from kilo.networkresonance.com (74-95-2-169-SFBA.hfc.comcastbusiness.net [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 6138128C144; Tue, 5 Jan 2010 08:55:36 -0800 (PST) Received: from kilo.local (localhost [127.0.0.1]) by kilo.networkresonance.com (Postfix) with ESMTP id 9DE066CBAC8; Tue, 5 Jan 2010 08:57:42 -0800 (PST) Date: Tue, 05 Jan 2010 08:57:41 -0800 From: Eric Rescorla To: Julian Reschke In-Reply-To: <4B40E063.7070605@greenbytes.de> References: <20100102230208.8346F6CB202@kilo.networkresonance.com> <4B40E063.7070605@greenbytes.de> User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Message-Id: <20100105165742.9DE066CBAC8@kilo.networkresonance.com> Cc: iesg@ietf.org, draft-brown-versioning-link-relations@tools.ietf.org, secdir@ietf.org Subject: Re: [secdir] Review of draft-brown-versioning-link-relations-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jan 2010 16:55:38 -0000 At Sun, 03 Jan 2010 19:22:27 +0100, Julian Reschke wrote: > > Eric Rescorla wrote: > > This document describes a set of link relations which provide > > information about other versions of a versioned resource. > > > > In general this mechanism seems sound but I'm not sure that > > the security considerations are entirely adequate. This > > mechanism lets you learn information about other versions > > of a resource even if you potentially don't have permission > > to view them directly. Consider a limiting case where each > > version of the resource had a name that contained the > > change set for that resource. E.g., > > > > http://example.com/versions/filename/_@line_50_+_FOO;@line_60_+_BAR/; > > > > In this case, seeing other parts of the version tree leaks > > information about those versions. I don't think that this > > is a problem for the draft, but it might be useful to > > mention that this feature has implications for name > > construction. > > Yes, we can mention that. > > But, isn't this a general problem with exposing meta data in link > relations? Yes, probably. > As such, shouldn't it have been mentioned in RFC 4287, and > should it also be mentioned in draft-nottingham-http-link-header? Probably... I just didn't read these. :) I only did this one as part of secdir review. -Ekr From mundy@tislabs.com Tue Jan 5 23:15:33 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 126C43A680C; Tue, 5 Jan 2010 23:15:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NZ--edytJ45N; Tue, 5 Jan 2010 23:15:32 -0800 (PST) Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id 7CED63A659A; Tue, 5 Jan 2010 23:15:31 -0800 (PST) Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id o067FSIB014053; Wed, 6 Jan 2010 01:15:28 -0600 Received: from worf.ads.sparta.com (worf.sparta.com [157.185.61.21]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id o067FSom026101; Wed, 6 Jan 2010 01:15:28 -0600 Received: from calvin.home.tislabs.com ([69.250.64.147]) by worf.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Wed, 6 Jan 2010 01:15:27 -0600 Received: from calvin.home.tislabs.com (localhost [127.0.0.1]) by calvin.home.tislabs.com (Postfix) with ESMTP id 21C5B17B380F; Wed, 6 Jan 2010 02:15:53 -0500 (EST) To: iesg@ietf.org, secdir@ietf.org, jari.arkko@piuha.net, yoshihiro.ohba@toshiba.co.jp, alper.yegin@yegin.org From: Russ Mundy Date: Wed, 06 Jan 2010 02:15:53 -0500 Sender: mundy@tislabs.com Message-Id: <20100106071553.21C5B17B380F@calvin.home.tislabs.com> X-OriginalArrivalTime: 06 Jan 2010 07:15:28.0420 (UTC) FILETIME=[063F3E40:01CA8EA0] Cc: mundy@sparta.com Subject: [secdir] Secdir review of draft-ohba-pana-pemk-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jan 2010 07:15:33 -0000 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. * There are some sections where additional information would make the document more clear and complete: ** Section 1. I suggest including Figure 1 from RFC5193 between the first and second paragraphs of this section to illustrate the relationship of the components being described. (Although a reference to the figure might be sufficient, 5193 is Informational so including the diagram would avoid a potentially normative reference.) ** Section 2.4 defines the lifetime of the PEMK with respect to the MSK. I believe this means the lifetime of the exact MSK from which the particular PEMK is derived. If this is the intent, I suggest adding the following to the end of the current sentence: "from which it is derived." ** Since the PEMK does have a specified lifetime, it seems as though there should be some information provided about what occurs at the end of that lifetime. If this information is in other related specifications then these should be referenced. ** Similarly, since the PEMK is defined to be a pre-shared key, providing information (or reference(s)) to what protocols are required to put the PEMK in place would make the specification more clear (is the EAP security mechanism required to provide for this?). * Some terminology does not seem consistent with other referenced specifications: ** Although the Master Session Key (MSK) provides the basis for the PEMK, there is no definition of MSK in this specification and the terminology sections of RFCs referenced in the introduction (RFC3748 and RFC5191) have different definitions for MSK in their terminology sections. ** Making Use of more terminology from RFC5191 would make it easier to relate this specification to related RFCs. For instance, use of "PANA Session", "Session Lifetime" and "PANA Security Association (PANA SA)" in Sections 2.2, 2.3 & 2.4 might make the sections more clear. It also appears that the Key Name of PEMK (section 2.1) should have some relationship to a "PANA Session" or "Session Identifier" but it's not clear if or what relationship is intended. The specification should state the relationship (or absence of a relationship) or implementers will make different (probably incompatible) choices in their implementations. ** To make the scope more clear, I would suggest changing the first sentence of section 2.2 to read: "One PEMK is used between one PaC and one EP." I would suggest adding a terminology section to this specification that referenced the terminology sections of RFC3748 and RFC5191 since they are both standards track documents. Regards, Russ Mundy From Hannes.Tschofenig@gmx.net Wed Jan 6 03:44:50 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9CE2528B23E for ; Wed, 6 Jan 2010 03:44:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jd48087thP7p for ; Wed, 6 Jan 2010 03:44:49 -0800 (PST) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 93DA23A68C8 for ; Wed, 6 Jan 2010 03:44:48 -0800 (PST) Received: (qmail invoked by alias); 06 Jan 2010 11:44:45 -0000 Received: from a88-115-222-204.elisa-laajakaista.fi (EHLO 4FIL42860) [88.115.222.204] by mail.gmx.net (mp008) with SMTP; 06 Jan 2010 12:44:45 +0100 X-Authenticated: #29516787 X-Provags-ID: V01U2FsdGVkX1/IpbFWMNHIFVvAmrypD8niX71y8gQtTve4clZrCK Bgcq3ytA1WScsn From: "Hannes Tschofenig" To: Date: Wed, 6 Jan 2010 13:48:37 +0200 Message-ID: <005e01ca8ec6$3019dab0$02ffa8c0@nsnintra.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 11 Thread-Index: AcqOxi6lIVdjFXjoRN6XhquwvXhi9w== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350 X-Y-GMX-Trusted: 0 X-FuHaFi: 0.57 Cc: y.ikejiri@ntt.com, jeanlouis.leroux@orange-ftgroup.com, jpv@cisco.com Subject: [secdir] Secdir review of draft-ietf-pce-monitoring-07.txt X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jan 2010 11:44:50 -0000 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. =C2 These comments were written primarily for the benefit of the security area directors. =C2 Document editors and WG chairs should treat these comments just like any other last call comments. What does the document do?=20 My understanding is that the document defines some payloads for = obtaining information about control plane elements (namely about Path = Computational Elements). The obtained information includes 'Liveness', 'Processing = Time', and 'Overload'. The document does not describe mechanisms for obtaining information about the data plane elements, as far as I can tell.=20 Collecting information about control plane elements is not uncommon (although other approaches are typically used, such as SNMP MIBs).=20 There is often a different philosophy when it comes to writing a specification. Some people believe that it is sufficient to just define = the packet on the wire (and a minimum of message processing rules) and then there are folks who are more interested in defining the behavior and algorithms. Here the former approach was selected and there might be = some problems with doing that (see comments below).=20 (Minor note: A figure or an example would have really helped me to understand this document.) -- Technical Issues=20 The Monitoring-id-number is described as:=20 " Monitoring-id-number (32 bits): The monitoring-id-number value combined with the PCEP-ID of the PCC identifies the monitoring request context. The monitoring-id-number MUST start at a non-zero value and MUST be incremented each time a new monitoring request is sent to a PCE. Each increment SHOULD have a value of 1 and may cause a wrap back to zero. If no reply to a monitoring request is received from the PCE, and the PCC wishes to resend its path computation monitoring request, the same monitoring-id-number MUST be used. Conversely, a different monitoring-id-number MUST be used for different requests sent to a PCE. The path computation monitoring reply is unambiguously identified by the monitoring-id-number and the PCEP-ID of the replying PCE. A PCEP implementation SHOULD checkpoint the Monitoring-id-number of pending monitoring requests in case of restart thus avoiding the re-use of a Monitoring-id-number of an in- process monitoring request. " I understand that a sender may want to match requests against responses = even if the responses alone should provide already sufficient information so = that the matching to the request becomes irrelevant.=20 But what is the reason to demand a specific way to increment the Monitoring-id-number? The sender only needs to avoid sending a request = with the same monitor-id-# already used in an previously sent request where = the response is still pending. Why would someone want to re-send the request with the same number again? Wouldn't this be largely irrelevant?=20 >From the PROTO writeup I can read that there are three independent implementations.=20 When I read through the Section 4.1 about the MONITORING object and the flags that are defined I have some doubts how they can interwork. Just = to give you an example. I (PCE element of domain A) send a request for monitoring and, for example, set the flag "General". This flag is = defined in the document as:=20 " G (General) - 1 bit: when set, this indicates that the monitoring request is a general monitoring request. When the requested performance metric is specific, the G bit MUST be cleared. The G bit MUST always be ignored in a PCMonRep or PCRep message. " So, another PCE element in domain B is now receiving this request and is supposed to include something in the reply message a little later. So, = what would this be? Where does an implementer find a precise description of = what has to be done to fullfill this request?=20 The same is true for the other flags as well. Another example: = "Processing Time" ... is set to indicate that the processing times is a metric of interest. Section 4.3 provides a bit = more details but stops more or less when it comes to the real meat with = something like " out of the scope of this document".=20 =20 I am not sure how to get meaningful measurement results at different PCE elements (potentially provided by different vendors). What conclusions = could I then draw from the information that comes back with the response = message? =20 The same is true for the OVERLOAD Object.=20 So, while the authors (and the group) may believe that they have indeed developed a standard it will not lead to interoperability without a = number of other things happening. I would at least appreciate a discussion in = the document (maybe related to operational considerations) that the values = are only meaningful if the entities operating the PCEs have a way to agree = on the same mechanism to perform the value calculation. Typically, this = will not easily work in a multi-vendor fashion. So, I believe that the = authors might have had another document in mind in the future that actually = provides the algorithms. This would then raise the question of the usefulness of = the flags if the calculation of the values are done in many differents. = Example. I could imagine that the overload being calculated in, for example, 5 different ways. Vendor A supports only 2 and vendor B supports 4 = different algorithms but there is only one flag to indicate "overload".=20 -- Specification Writing Style Below I list two examples where I had hoped for a stricter style: " 4.1. MONITORING Object The MONITORING object MUST be present within PCMonReq and PCMonRep messages ("out of band" monitoring requests) and MAY be carried within PCRep and PCReq messages ("in band" monitoring requests). There SHOULD NOT be more than one instance of the MONITORING object in a PCMonReq or PCMonRep message: if more than one instance of the MONITORING object is present, the recipient MUST process the first instance and MUST ignore other instances. " Why couldn't you say that there MUST only be one instance of the = MONITORING=20 object in the message. Everything else is an error (and you already have = an error message for that). Done.=20 =20 " I (Incomplete) - 1 bit: If a PCE supports a received PCMonReq message and that message does not trigger any policy violation, but the PCE cannot provide any of the set of requested performance metrics for unspecified reasons, the PCE MUST set the I bit. The I bit has no meaning in a request and SHOULD be ignored on receipt. " If you say "SHOULD" in the last sentence then you have to say what = happens otherwise.=20 In this specific case I believe you would just put a MUST in there.=20 Additionally, the document defines multiple ways to accomplish the same effect on how monitoring takes place (In-band vs. out-of-band requests). = Is there some text that could be referenced to give some guides on when to = use what?=20 For some reason you decided to re-use the same object for the request = and the response. This typically leads to a more complex description because = the semantic of the object content is different in the two directions.=20 -- Operations & Management=20 How does the information being collected here related to other = mechanisms to potentially collect similar information? For example, network management systems might collect information already and two systems collect lead = to conflicting conclusions.=20 Wouldn't it be good to discuss how the monitoring requests are treated differently from any other request. Particularly for the overload = handling request this would be interesting. You don't want to the monitoring = starve because the request is stuck in the queues somewhere.=20 The document does not discuss what is actually being done with the = collected information. Obviously, there is a lot of potential for messing up the network.=20 -- Security=20 The description focuses on securing communication. With the scope of the document this seems to be fine. However, the real security problems will show up when an adversary is able to control one of the PCE elements and = is therefore able to impact larger parts of the network. On the other hand, adversaries could have a huge impact already without this specific = extension being defined. A PCE represents a single point of failure and a nice = target. -- IANA Considerations To help IANA it is always useful to state whether you enter new values = into an existing registry (and where that registry has initially been = defined) or whether you create a new registry (and what the policy is).=20 * The new PCEP messages are being added to an existing registry (one = that was created with [RFC5440]).=20 * The new PCEP objects are also added to an existing registry. Most = likely one that was also created by [RFC5440]. * The same is true for the new Error-Values. Sentences like "A registry = was created for the Error-type and Error-value of the PCEP Error Object." = are misleading.=20 * Then, you create a new registry for a few other items. You may want to reference http://tools.ietf.org/html/rfc5226. Are you sure that you = really want to put the bar so high for adding new entries to the registry, = namely "IETF review"? I would have said that "Specification Required" is more = than enough. You might also want to indicate whether bits can be re-assigned, = the semantic updated, etc. For example, assume that you revise the RFC to strengthen the description. Under what conditions would it be OK to just update the existing registry entries and under what conditions would you need new entries? Because of the encoding you have chosen you have some space constraints. You also say that "Each bit should be tracked with = the following qualities:". Why "should"? Just indicate what has to be = included in the registry. Additionally, I believe the second column isn't really = a description but rather a label.=20 -- Editorial s/section Section 4.1/Section 4.1 In general, always write "Section X" instead of "section X".=20 Capitalize headings. Example: s/Path Computation Monitoring = messages/Path Computation Monitoring Messages Ciao Hannes From julian.reschke@greenbytes.de Wed Jan 6 07:02:26 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 169C03A6879; Wed, 6 Jan 2010 07:02:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.249 X-Spam-Level: X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oDjnh5EpxS3b; Wed, 6 Jan 2010 07:02:25 -0800 (PST) Received: from donbot.greenbytes.de (mail.greenbytes.de [217.91.35.233]) by core3.amsl.com (Postfix) with ESMTP id 24E533A63C9; Wed, 6 Jan 2010 07:02:24 -0800 (PST) Received: from [192.168.1.105] (unknown [192.168.1.105]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by donbot.greenbytes.de (Postfix) with ESMTPSA id 7E4F3C4CA6C; Wed, 6 Jan 2010 16:02:22 +0100 (CET) Message-ID: <4B44A5F8.7010103@greenbytes.de> Date: Wed, 06 Jan 2010 16:02:16 +0100 From: Julian Reschke Organization: greenbytes GmbH User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060516 Thunderbird/1.5.0.4 Mnenhy/0.7.4.666 MIME-Version: 1.0 To: Eric Rescorla References: <20100102230208.8346F6CB202@kilo.networkresonance.com> <4B40E063.7070605@greenbytes.de> <20100105165742.9DE066CBAC8@kilo.networkresonance.com> In-Reply-To: <20100105165742.9DE066CBAC8@kilo.networkresonance.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Cc: draft-brown-versioning-link-relations@tools.ietf.org, iesg@ietf.org, secdir@ietf.org Subject: Re: [secdir] Review of draft-brown-versioning-link-relations-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jan 2010 15:02:26 -0000 Hi Eric, for now I have added: "Care should be applied when versioned resources are subject to differing access policies. In this case, exposing links may leak information even if the linked resource itself is properly secured. In particular, the syntax of the link URI/IRI could expose sensitive information (see Section 16.2 of [RFC3253] for a similar consideration in WebDAV Versioning). Note that this applies to exposing link metadata in general, not only to links related to versioning." to the Secutiry Considerations (). Is this sufficient? Lisa: please let me know whether (and when) to submit a new draft (I'll assume post LC end sometimes last week?). Best regards, Julian Eric Rescorla wrote: > At Sun, 03 Jan 2010 19:22:27 +0100, > Julian Reschke wrote: >> Eric Rescorla wrote: >>> This document describes a set of link relations which provide >>> information about other versions of a versioned resource. >>> >>> In general this mechanism seems sound but I'm not sure that >>> the security considerations are entirely adequate. This >>> mechanism lets you learn information about other versions >>> of a resource even if you potentially don't have permission >>> to view them directly. Consider a limiting case where each >>> version of the resource had a name that contained the >>> change set for that resource. E.g., >>> >>> http://example.com/versions/filename/_@line_50_+_FOO;@line_60_+_BAR/; >>> >>> In this case, seeing other parts of the version tree leaks >>> information about those versions. I don't think that this >>> is a problem for the draft, but it might be useful to >>> mention that this feature has implications for name >>> construction. >> Yes, we can mention that. >> >> But, isn't this a general problem with exposing meta data in link >> relations? > > Yes, probably. > > >> As such, shouldn't it have been mentioned in RFC 4287, and >> should it also be mentioned in draft-nottingham-http-link-header? > > Probably... I just didn't read these. :) I only did this one as part > of secdir review. > > -Ekr > -- bytes GmbH, Hafenweg 16, D-48155 M�nster, Germany Amtsgericht M�nster: HRB5782 From new-work-bounces@ietf.org Wed Jan 6 11:52:30 2010 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@core3.amsl.com Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE8F33A68F7; Wed, 6 Jan 2010 11:52:30 -0800 (PST) X-Original-To: new-work@ietf.org Delivered-To: new-work@core3.amsl.com Received: by core3.amsl.com (Postfix, from userid 30) id D796D28C131; Wed, 6 Jan 2010 11:52:28 -0800 (PST) From: IESG Secretary To: new-work@ietf.org Mime-Version: 1.0 Message-Id: <20100106195228.D796D28C131@core3.amsl.com> Date: Wed, 6 Jan 2010 11:52:28 -0800 (PST) X-BeenThere: new-work@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: new-work-bounces@ietf.org Errors-To: new-work-bounces@ietf.org X-Mailman-Approved-At: Wed, 06 Jan 2010 12:16:48 -0800 Subject: [secdir] [New-work] WG Review: BiDirectional or Server-Initiated HTTP (hybi) X-BeenThere: secdir@ietf.org Reply-To: iesg@ietf.org List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jan 2010 19:52:31 -0000 A new IETF working group has been proposed in the Applications Area. The IESG has not made any determination as yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by Wednesday, January 13, 2010. BiDirectional or Server-Initiated HTTP (hybi) -------------------------------------------------------- Last Modified: 2010-01-05 Current Status: Proposed Working Group Chairs: * TBD * TBD Applications Area Director(s): * Lisa Dusseault * Alexey Melnikov Applications Area Advisor: * Lisa Dusseault Mailing Lists: General Discussion: hybi@ietf.org To Subscribe: https://www.ietf.org/mailman/listinfo/hybi Archive: http://www.ietf.org/mail-archive/web/hybi/current/maillist.html Description of Working Group: HTTP has most often been used as a request/response protocol, leading to clients polling for new data, or users hitting the refresh button in their browsers. Recent web applications are finding ways to communicate with web servers in realtime, pushing data from the server-side to the client as soon as it is available. However, these applications at present can only use a variety of HTTP mechanisms (e.g. long polling requests) to communicate with web servers bidirectionally. The Hypertext-Bidirectional (HyBi) working group will seek standardization of one approach to maintain bidirectional communications between the HTTP client, server and intermediate entities, which will provide more efficiency compared to the current use of hanging requests. A general approach is preferred, with abstract semantics that can apply to a large number of applications. The Web is the design space into which the solution will be deployed. Since the existing Web is much more complicated that it seems, the working group will document how it works first, with special attention to deployed infrastructure (e.g. web clients, intermediaries, firewalls, NATs, web servers) and programming environments. New features will be required of clients, servers, or intermediaries allowing a more scalable and robust end-to-end experience. Although multiple protocols exist as starting points, backward compatibility with these protocols is not a requirement. In particular, the working group has liaised with the W3C WebApps working group around the WebSockets protocol and the need to support the WebSocket API; as agreed by both parties, the HyBi working group will take on prime responsibility for the specification of the WebSockets protocol, taking into consideration all the requirements, needs and eventual concerns raised by the W3C WebApps working group. The draft-hixie-thewebsocketprotocol "The Web Socket protocol" is considered as the input document for the working group. Wide browser support is a goal for the bidirectional communication mechanism, however the solution should also be suitable for clients other than Web Browsers. The Working Group will work to standardize a generic solution that can work efficiently in as many of the deployed environments as possible and in particular in all the elements of the web infrastructure (e.g. web browser, generic HTTP client, HTTP server and HTTP-aware intermediaries like proxies, load balancers, caches, etc.) and it is not specific for just one. The Working Group should consider: * Implementer experience * Impact on existing implementations and deployments * Ability to achieve broad implementation * Ability to address broader use cases than those covered in the input document The Working Group will produce one or more documents suitable for consideration as Proposed Standard that will: * Define a characterization of the design space * Define a solution for the bidirectional web communication Goals and Milestones: --------------------- Apr 2010 - Submit a document as a working group item describing the Web Socket requirements (draft-hixie-thewebsocketprotocol will be used as a starting point for further work.) Apr 2010 - Submit 'The Web Socket protocol' as working group item (draft-hixie-thewebsocketprotocol will be used as a starting point for further work.) Jul 2010 - Start Working Group Last Call on the WebSocket requirements Jul 2010 - Submit a document as a working group item describing the Design Space characterization Sep 2010 - Submit the 'Web Socket requirements' to the IESG for consideration as an Informational document Nov 2010 - Start Working Group Last Call on the Design Space characterization Nov 2010 - Start of discussion about Web Socket extensions the group should work on Dec 2010 - Submit the 'Design Space characterization' to the IESG for consideration as an Informational document Mar 2011 - Start Working Group Last Call on 'The Web Socket protocol' Mar 2011 - Prepare milestone update to start new work within the scope of the charter Apr 2011 - Submit the 'The Web Socket protocol' to the IESG for consideration as a Proposed Standard May 2011 - Close or recharter _______________________________________________ New-work mailing list New-work@ietf.org https://www.ietf.org/mailman/listinfo/new-work From ekr@networkresonance.com Wed Jan 6 13:31:49 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1BF993A6955; Wed, 6 Jan 2010 13:31:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.668 X-Spam-Level: X-Spam-Status: No, score=0.668 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qTydAW-JAHYC; Wed, 6 Jan 2010 13:31:48 -0800 (PST) Received: from kilo.networkresonance.com (74-95-2-169-SFBA.hfc.comcastbusiness.net [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 3C2CF3A68C7; Wed, 6 Jan 2010 13:31:48 -0800 (PST) Received: from kilo.local (localhost [127.0.0.1]) by kilo.networkresonance.com (Postfix) with ESMTP id 860CB6CC151; Wed, 6 Jan 2010 13:34:03 -0800 (PST) Date: Wed, 06 Jan 2010 13:34:03 -0800 From: Eric Rescorla To: Julian Reschke In-Reply-To: <4B44A5F8.7010103@greenbytes.de> References: <20100102230208.8346F6CB202@kilo.networkresonance.com> <4B40E063.7070605@greenbytes.de> <20100105165742.9DE066CBAC8@kilo.networkresonance.com> <4B44A5F8.7010103@greenbytes.de> User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Message-Id: <20100106213403.860CB6CC151@kilo.networkresonance.com> Cc: iesg@ietf.org, draft-brown-versioning-link-relations@tools.ietf.org, secdir@ietf.org Subject: Re: [secdir] Review of draft-brown-versioning-link-relations-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jan 2010 21:31:49 -0000 This looks fine to me. -ekr From stefan@aaa-sec.com Thu Jan 7 03:19:39 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 29D8E3A6816 for ; Thu, 7 Jan 2010 03:19:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.249 X-Spam-Level: X-Spam-Status: No, score=-3.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t+TA-opAxDkO for ; Thu, 7 Jan 2010 03:19:38 -0800 (PST) Received: from s87.loopia.se (s87.loopia.se [194.9.95.114]) by core3.amsl.com (Postfix) with ESMTP id 1F5CC3A67B2 for ; Thu, 7 Jan 2010 03:19:37 -0800 (PST) Received: from s57.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id E017F2E80AD for ; Thu, 7 Jan 2010 12:19:37 +0100 (CET) Received: (qmail 86476 invoked from network); 7 Jan 2010 11:19:33 -0000 Received: from 213-64-142-247-no153.business.telia.com (HELO MacBookPro-6.local) (stefan@fiddler.nu@[213.64.142.247]) (envelope-sender ) by s57.loopia.se (qmail-ldap-1.03) with SMTP for ; 7 Jan 2010 11:19:33 -0000 Received: from [127.0.0.1] by MacBookPro-6.local (PGP Universal service); Thu, 07 Jan 2010 12:19:34 +0100 X-PGP-Universal: processed; by MacBookPro-6.local on Thu, 07 Jan 2010 12:19:34 +0100 User-Agent: Microsoft-Entourage/12.23.0.091001 Date: Thu, 07 Jan 2010 12:19:31 +0100 From: Stefan Santesson To: pat cain , , "Pope, Nick" Message-ID: Thread-Topic: [secdir] Security Review of draft-ietf-pkix-rfc3161-update-09.txt Thread-Index: Acp5zbtpe0AaM7i2RWyyVwO4obpXfwVvYzrV In-Reply-To: <02f601ca79cd$c433b4e0$4c9b1ea0$@coopercain.com> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Cc: pkix-chairs@tools.ietf.org, secdir@ietf.org Subject: Re: [secdir] Security Review of draft-ietf-pkix-rfc3161-update-09.txt X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jan 2010 11:19:39 -0000 Pat, I think you may have misunderstood the issue this draft is addressing. Including ESSCertIDv2 does not mean adding another signature with different strength. ESSCertID and ESSCertIDv2 are just different certificate identifiers for the same certificate used to validate the same signature. The only difference is that the identifier in ESSCertIDv2 is done with a stronger hash (and includes a hash alg identifier) than the one in ESSCertID. I don't see any problem with including both. How to deal with that is defined by, and an issue for, S/MIME rather than this specification. /Stefan On 09-12-10 8:19 PM, "pat cain" wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security > area directors. Document editors and WG chairs should treat these > comments just like any other last call comments. > > Document Abstract: > > This document updates RFC 3161 [RFC3161]. It allows the use of > ESSCertIDv2 defined in RFC 5035 [ESSV2] to specify the hash of a > signer certificate when the hash is calculated with a function other > than SHA-1 [SHA1]. > > Comment: > > The purpose of this document is laudable. > My only comment/concern is about the 'note' at the end of Section 2.2.1. > > "Note: For backwards compatibility, in line with RFC 5035, both > ESSCertID and ESSCertIDv2 MAY be present. Systems MAY ignore > ESSCertIDv2 if RFC 5035 has not been implemented." > > When RFC3161 was undergoing development, there was a robust discussion about > signing > A TST multiple times. I seem to recall the output was not to do it. Since > the requestor has to verify the TST when the TSA sends it back, I'm unclear > on how a requestor that "has not implemented RFC5035" is going to do this > verification if both ESSCertID and ESSCertIDV2 are included. > I expect more guidance is needed here since the different signature > algorithms will have differing characteristics and strengths. > > It seems to make more sense that a TSA return a TST with *either* an > ESSCertID or ESSCertIDV2, but not both. Is there a specific use case that > was intended here or are we just trying to be polite. > > Pat Cain > > _______________________________________________ > secdir mailing list > secdir@ietf.org > https://www.ietf.org/mailman/listinfo/secdir From kent@bbn.com Thu Jan 7 13:01:28 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2D9AC3A68C5 for ; Thu, 7 Jan 2010 13:01:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VCki5bgMJoD3 for ; Thu, 7 Jan 2010 13:01:27 -0800 (PST) Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id EAB413A67B3 for ; Thu, 7 Jan 2010 13:01:26 -0800 (PST) Received: from dhcp89-089-161.bbn.com ([128.89.89.161]) by smtp.bbn.com with esmtp (Exim 4.63) (envelope-from ) id 1NSzTw-0008RZ-BO; Thu, 07 Jan 2010 16:01:24 -0500 Mime-Version: 1.0 Message-Id: Date: Thu, 7 Jan 2010 14:38:14 -0500 To: secdir@ietf.org From: Stephen Kent Content-Type: multipart/alternative; boundary="============_-949224412==_ma============" Cc: ajs@shinkuro.com, dol@cryptocom.ru, ogud@ogud.com, Ralph Droms Subject: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jan 2010 21:01:28 -0000 --============_-949224412==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Since several SECDIR members are reviewing draft-ietf-dnsext-dnssec-gost-05 I have chosen to focus on one aspect of the document, i.e., the statement that support for GOST algorithms is a SHOULD (Section 6.1) for all DNSSEC aware implementations. I think this is an inappropriate characterization for the level of support that ought to be accorded an algorithm of this type. I explain my rationale for this assertion below. GOST is an example of what I would term a "national" crypto algorithm. I characterize an algorithm as "national" if use of the algorithm is mandated by a government (within its sphere of influence, for some or all application contexts), but the algorithm otherwise is not widely adopted. The GOST set of algorithms are one such example. Others (chosen form the space of symmetric algorithms) include Camellia (Japan), SKIPJACK (US), SEED (Korea), and SMS4 (China, for WAPI). AES and DES are not "national" algorithms. Even though they were published by NIST as FIPS, both were very widely adopted outside of the national context in which use is (was) mandated. This illustrates that the designation of an algorithm as "national" can change over time. Other IETF WGs (e.g., IPsec, S/MIME, OPGP, and TLS) have adopted a policy of publishing RFCs that describe how to use one or more national algorithms in the context of a protocol. However, in these WGs, support for the algorithm is optional, i.e., a MAY in RFC 2119 parlance. These RFCs define how to use a national algorithm IF one chooses to implement it. They do not require support for the algorithm by making it a SHOULD or MUST. This approach allows the IETF to publish RFCs that deal with a wide range of crypto algorithms (national and otherwise) without prejudice, without engaging in a protracted debate about whether all of these algorithms are equally "worthy" etc. These WGs also define a small number of mandatory (MUST or SHOULD), non-national algorithms, to promote interoperability. I think the convention adopted by other WGs is appropriate for DNESEC as well. As a result, I suggest that this document be modified to specify support for GOST algorithms as a MAY. --============_-949224412==_ma============ Content-Type: text/html; charset="us-ascii" review of draft-ietf-dnsext-dnssec-gost-05

I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Since several SECDIR members are reviewing draft-ietf-dnsext-dnssec-gost-05 I have chosen to focus on one aspect of the document, i.e., the statement that support for GOST algorithms is a SHOULD (Section 6.1) for all DNSSEC aware implementations. I think this is an inappropriate characterization for the level of support that ought to be accorded an algorithm of this type. I explain my rationale for this assertion below.

GOST is an example of what I would term a "national" crypto algorithm. I characterize an algorithm as "national" if use of the algorithm is mandated by a government (within its sphere of influence, for some or all application contexts), but the algorithm otherwise is not widely adopted. The GOST set of algorithms are one such example. Others (chosen form the space of symmetric algorithms) include Camellia (Japan), SKIPJACK (US), SEED (Korea), and SMS4 (China, for WAPI). AES and DES are not "national" algorithms. Even though they were published by NIST as FIPS, both were very widely adopted outside of the national context in which use is (was) mandated. This illustrates that the designation of an algorithm as "national" can change over time.

Other IETF WGs (e.g., IPsec, S/MIME, OPGP, and TLS) have adopted a policy of publishing RFCs that describe how to use one or more national algorithms in the context of a protocol. However, in these WGs, support for the algorithm is optional, i.e., a MAY in RFC 2119 parlance. These RFCs define how to use a national algorithm IF one chooses to implement it. They do not require support for the algorithm by making it a SHOULD or MUST. This approach allows the IETF to publish RFCs that deal with a wide range of crypto algorithms (national and otherwise) without prejudice, without engaging in a protracted debate about whether all of these algorithms are equally "worthy" etc. These WGs also define a small number of mandatory (MUST or SHOULD), non-national algorithms, to promote interoperability.

I think the convention adopted by other WGs is appropriate for DNESEC as well. As a result, I suggest that this document be modified to specify support for GOST algorithms as a MAY.

--============_-949224412==_ma============-- From ajs@shinkuro.com Thu Jan 7 14:28:17 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D121428C112 for ; Thu, 7 Jan 2010 14:28:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.049 X-Spam-Level: X-Spam-Status: No, score=-3.049 tagged_above=-999 required=5 tests=[AWL=-0.450, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1966PLiipqZu for ; Thu, 7 Jan 2010 14:28:17 -0800 (PST) Received: from mail.yitter.info (mail.yitter.info [208.86.224.201]) by core3.amsl.com (Postfix) with ESMTP id EDDB628C0E6 for ; Thu, 7 Jan 2010 14:28:16 -0800 (PST) Received: from crankycanuck.ca (69-196-144-230.dsl.teksavvy.com [69.196.144.230]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 646842FE8CA1; Thu, 7 Jan 2010 22:28:14 +0000 (UTC) Date: Thu, 7 Jan 2010 17:28:09 -0500 From: Andrew Sullivan To: Stephen Kent Message-ID: <20100107222809.GA25747@shinkuro.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.18 (2008-05-17) Cc: Ralph Droms , dol@cryptocom.ru, ogud@ogud.com, secdir@ietf.org Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jan 2010 22:28:17 -0000 Hi, I want to emphasise two things, before my question: 1. I'm not the shepherd for this document, but I'm asking this question in my capacity as co-Chair, such that I might ask something (or not ask) of document editors based on the response. 2. I super-really-I-mean-it don't have a strong opinion on this matter yet. On Thu, Jan 07, 2010 at 02:38:14PM -0500, Stephen Kent wrote: > Other IETF WGs (e.g., IPsec, S/MIME, OPGP, and TLS) have adopted a > policy of publishing RFCs that describe how to use one or more national > algorithms in the context of a protocol. However, in these WGs, support > for the algorithm is optional, i.e., a MAY in RFC 2119 parlance. These > RFCs define how to use a national algorithm IF one chooses to implement > it. They do not require support for the algorithm by making it a SHOULD > or MUST. This approach allows the IETF to publish RFCs that deal with a > wide range of crypto algorithms (national and otherwise) without > prejudice, without engaging in a protracted debate about whether all of > these algorithms are equally "worthy" etc. These WGs also define a small > number of mandatory (MUST or SHOULD), non-national algorithms, to promote > interoperability. I get this argument. The worry I have has something to do with either the protocol environment or the use cases of the analogue protocols you've picked. In the case of IPsec and TLS, I believe (and I'm totally prepared to be corrected) that there is a negotiation mechanism in place between end points. If I'm right about that, there's a serious disanalogy here, because there's no possible way to make that negotiation work in DNS (because of caches, and the way they might affect results). That's perhaps unfortunate, but it's the protocol as we have it. In the case of OPGP and S/MIME, the issue is different: these are mostly protocols for people communicating with one another inside some web of trust. (I know, I know, S/MIME isn't like that, but it immediately is in case we're using limited-deployment algorithms.) The disanalogy here is different, but it has a similar force: if we are going to continue to maintain the position that there's a global DNS that's a universal service, then we have to discourage non-implementation of algorithms that will freeze people out. I've done my best to present above, as succinctly as possible, the arguments against your argument. I don't know that I've done their partisans justice, but I'm trying to weigh each side. So I'd appreciate it if (1) those who agree with Steve could make their best arguments supporting his (do we need the secdir list for this? Feel free to forward this, and you can direct replies to me for summary if desired) and (2) those who think I've made a weak case to follow up with stronger arguments. A -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc. From alper.yegin@yegin.org Thu Jan 7 23:55:33 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA39E3A635F; Thu, 7 Jan 2010 23:55:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.531 X-Spam-Level: X-Spam-Status: No, score=-0.531 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MSGID_MULTIPLE_AT=1.449, RCVD_IN_SORBS_WEB=0.619] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SofHLtxj2uN5; Thu, 7 Jan 2010 23:55:33 -0800 (PST) Received: from mout.perfora.net (mout.perfora.net [74.208.4.195]) by core3.amsl.com (Postfix) with ESMTP id CE32A28C0EA; Thu, 7 Jan 2010 23:55:31 -0800 (PST) Received: from LENOVO (dsl.static.85-105-43069.ttnet.net.tr [85.105.168.61]) by mrelay.perfora.net (node=mrus0) with ESMTP (Nemesis) id 0LaVtv-1OBoQh3Ey7-00lufv; Fri, 08 Jan 2010 02:55:28 -0500 From: "Alper Yegin" To: "'Yoshihiro Ohba'" , "'Russ Mundy'" References: <20100106071553.21C5B17B380F@calvin.home.tislabs.com> <4B46E06D.4070607@toshiba.co.jp> In-Reply-To: <4B46E06D.4070607@toshiba.co.jp> Date: Fri, 8 Jan 2010 09:55:19 +0200 Message-ID: <029001ca9037$f17bbda0$d47338e0$@yegin@yegin.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcqQNU1qjPCdMmnlRQ6jQCQwEN/N8gAAmYjw Content-Language: en-us X-Provags-ID: V01U2FsdGVkX18hcMOsIAPmP6qih6y2d1I4qtU2WUz0LDOXLfq EQ08togdO0/BbY1ylHle0ZzrjXlkGWriqevIL4FuZzXULf2NLd yE2syw4ijO9PMlUhpp8kw== Cc: jari.arkko@piuha.net, iesg@ietf.org, secdir@ietf.org Subject: Re: [secdir] Secdir review of draft-ohba-pana-pemk-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 07:55:33 -0000 > > ** To make the scope more clear, I would suggest changing the first > > sentence of section 2.2 to read: "One PEMK is used between one = PaC > > and one EP." >=20 > OK. There can be multiple PANA sessions between the same PaC and the PAA, = hence there can also be multiple PEMKs between the same pair of PaC-EP. = This is currently allowed by the specs, and I don't see a need to = constrain that with the above sentence. Alper From alper.yegin@yegin.org Fri Jan 8 00:10:12 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 72CFC3A6866; Fri, 8 Jan 2010 00:10:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.531 X-Spam-Level: X-Spam-Status: No, score=-0.531 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MSGID_MULTIPLE_AT=1.449, RCVD_IN_SORBS_WEB=0.619] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iD-8deAAG3o2; Fri, 8 Jan 2010 00:10:11 -0800 (PST) Received: from mout.perfora.net (mout.perfora.net [74.208.4.195]) by core3.amsl.com (Postfix) with ESMTP id 7F5773A67F4; Fri, 8 Jan 2010 00:10:10 -0800 (PST) Received: from LENOVO (dsl.static.85-105-43069.ttnet.net.tr [85.105.168.61]) by mrelay.perfora.net (node=mrus0) with ESMTP (Nemesis) id 0Md2mA-1NAwXd31gg-00IeKO; Fri, 08 Jan 2010 03:09:58 -0500 From: "Alper Yegin" To: "'Yoshihiro Ohba'" References: <20100106071553.21C5B17B380F@calvin.home.tislabs.com> <4B46E06D.4070607@toshiba.co.jp> <029001ca9037$f17bbda0$d47338e0$%yegin@yegin.org> <4B46E5DB.2030706@toshiba.co.jp> In-Reply-To: <4B46E5DB.2030706@toshiba.co.jp> Date: Fri, 8 Jan 2010 10:09:49 +0200 Message-ID: <029201ca9039$f83ad020$e8b07060$@yegin@yegin.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcqQOIP2vH4puYFTR2unETUKXlGWYQAAMfNA Content-Language: en-us X-Provags-ID: V01U2FsdGVkX19gLJuv7VMUv8kY63eY7UiOmt/Hgq4oZMG3UaA /t7XkY6GdMxOGSTuNBTqkV3tk/alBKYG3LmecxTgddewrBnORR 8EmqELiFJl7yjkJAnS0+A== Cc: secdir@ietf.org, jari.arkko@piuha.net, iesg@ietf.org, 'Russ Mundy' Subject: Re: [secdir] Secdir review of draft-ohba-pana-pemk-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 08:10:12 -0000 Yoshi, Going back to the baseline text, it says: A PEMK is used between a PaC and an EP. A PEMK MUST NOT be shared among multiple PaCs or EPs. I think the intent of the first sentence is same as the second one. So, saying "A PEMK is bound to a PaC-EP pair. A PEMK MUST NOT be shared = among multiple PaCs or EPs." is more accurate. Alper > -----Original Message----- > From: Yoshihiro Ohba [mailto:yoshihiro.ohba@toshiba.co.jp] > Sent: Friday, January 08, 2010 9:59 AM > To: Alper Yegin > Cc: 'Russ Mundy'; iesg@ietf.org; secdir@ietf.org; jari.arkko@piuha.net > Subject: Re: Secdir review of draft-ohba-pana-pemk-03 >=20 > Alper, >=20 > Since it does not say "Only one PMK is used ...", I think > the case you mentioned below is covered. >=20 > Yoshihiro Ohba >=20 >=20 > Alper Yegin wrote: > >>> ** To make the scope more clear, I would suggest changing the = first > >>> sentence of section 2.2 to read: "One PEMK is used between one > PaC > >>> and one EP." > >> OK. > > > > There can be multiple PANA sessions between the same PaC and the = PAA, > hence there can also be multiple PEMKs between the same pair of = PaC-EP. > This is currently allowed by the specs, and I don't see a need to > constrain that with the above sentence. > > > > Alper > > > > > > From yoshihiro.ohba@toshiba.co.jp Thu Jan 7 23:36:24 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF5BF3A67D3; Thu, 7 Jan 2010 23:36:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.089 X-Spam-Level: X-Spam-Status: No, score=-4.089 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U8O2NGOnfh3j; Thu, 7 Jan 2010 23:36:23 -0800 (PST) Received: from imx12.toshiba.co.jp (imx12.toshiba.co.jp [61.202.160.132]) by core3.amsl.com (Postfix) with ESMTP id 5F2C13A63EB; Thu, 7 Jan 2010 23:36:23 -0800 (PST) Received: from arc11.toshiba.co.jp ([133.199.90.127]) by imx12.toshiba.co.jp with ESMTP id o087aJiT026054; Fri, 8 Jan 2010 16:36:19 +0900 (JST) Received: (from root@localhost) by arc11.toshiba.co.jp id o087aJsK018208; Fri, 8 Jan 2010 16:36:19 +0900 (JST) Received: from ovp11.toshiba.co.jp [133.199.90.148] by arc11.toshiba.co.jp with ESMTP id SAA18194; Fri, 8 Jan 2010 16:36:19 +0900 Received: from mx2.toshiba.co.jp (localhost [127.0.0.1]) by ovp11.toshiba.co.jp with ESMTP id o087aHNF017107; Fri, 8 Jan 2010 16:36:18 +0900 (JST) Received: from tsbpoa.po.toshiba.co.jp by toshiba.co.jp id o087aErQ018097; Fri, 8 Jan 2010 16:36:16 +0900 (JST) Received: from [133.196.17.30] by mail.po.toshiba.co.jp (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTPA id <0KVX00HXN3SF4150@mail.po.toshiba.co.jp>; Fri, 08 Jan 2010 16:36:15 +0900 (JST) Date: Fri, 08 Jan 2010 16:36:13 +0900 From: Yoshihiro Ohba In-reply-to: <20100106071553.21C5B17B380F@calvin.home.tislabs.com> To: Russ Mundy Message-id: <4B46E06D.4070607@toshiba.co.jp> MIME-version: 1.0 Content-type: text/plain; charset=UTF-8; format=flowed Content-transfer-encoding: 7bit References: <20100106071553.21C5B17B380F@calvin.home.tislabs.com> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) X-Mailman-Approved-At: Fri, 08 Jan 2010 00:22:14 -0800 Cc: alper.yegin@yegin.org, jari.arkko@piuha.net, iesg@ietf.org, secdir@ietf.org Subject: Re: [secdir] Secdir review of draft-ohba-pana-pemk-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 07:36:25 -0000 Thank you for your review of the draft. Please see my response below. Russ Mundy wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > * There are some sections where additional information would make the > document more clear and complete: > > ** Section 1. I suggest including Figure 1 from RFC5193 between the > first and second paragraphs of this section to illustrate the > relationship of the components being described. (Although a > reference to the figure might be sufficient, 5193 is Informational > so including the diagram would avoid a potentially normative > reference.) OK. > > ** Section 2.4 defines the lifetime of the PEMK with respect to the > MSK. I believe this means the lifetime of the exact MSK from which > the particular PEMK is derived. If this is the intent, I suggest > adding the following to the end of the current sentence: "from > which it is derived." OK. > > ** Since the PEMK does have a specified lifetime, it seems as though > there should be some information provided about what occurs at the > end of that lifetime. If this information is in other related > specifications then these should be referenced. To address this issue, we have added the following text: "At the end of the lifetime, the PEMK and its associated states MUST be deleted." > > ** Similarly, since the PEMK is defined to be a pre-shared key, > providing information (or reference(s)) to what protocols are > required to put the PEMK in place would make the specification more > clear (is the EAP security mechanism required to provide for > this?). We provide a guideline for distributing PEMK from PAA to EP in Section 3.2. There was a fair amount of discussion in the PANA WG, and AFAIK it was decided not to specify a specific key distribution protocol in this document. > > * Some terminology does not seem consistent with other referenced > specifications: > > ** Although the Master Session Key (MSK) provides the basis for the > PEMK, there is no definition of MSK in this specification and the > terminology sections of RFCs referenced in the introduction > (RFC3748 and RFC5191) have different definitions for MSK in their > terminology sections. Yes, the two documents do not use the same text for MSK definition, but they mean the same key and this should not be a problem. We will follow your below suggestion of use of more terms from RFFC 5191. > > ** Making Use of more terminology from RFC5191 would make it easier to > relate this specification to related RFCs. For instance, use of > "PANA Session", "Session Lifetime" and "PANA Security Association > (PANA SA)" in Sections 2.2, 2.3 & 2.4 might make the sections more > clear. OK. >It also appears that the Key Name of PEMK (section 2.1) > should have some relationship to a "PANA Session" or "Session > Identifier" but it's not clear if or what relationship is > intended. The specification should state the relationship (or > absence of a relationship) or implementers will make different > (probably incompatible) choices in their implementations. > Session identifier is included in the key name as SID. We added the following sentence to address your comment. "Inclusion of the EPID, SID and KID provides uniqueness of PEMK names among multiple PaC-EP pairs under a given PAA." > ** To make the scope more clear, I would suggest changing the first > sentence of section 2.2 to read: "One PEMK is used between one PaC > and one EP." OK. > > I would suggest adding a terminology section to this specification > that referenced the terminology sections of RFC3748 and RFC5191 since > they are both standards track documents. > Terminology section has been added. All reused terms are from RFC5191 now. Those changes are incorporated in to version 04, together with the changes based on Pasi and Alexey's comments. Thank you, Yoshihiro Ohba > > Regards, > > Russ Mundy > > > From yoshihiro.ohba@toshiba.co.jp Thu Jan 7 23:59:29 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CEBDD3A6866; Thu, 7 Jan 2010 23:59:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.089 X-Spam-Level: X-Spam-Status: No, score=-4.089 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LxSppDsNWU1F; Thu, 7 Jan 2010 23:59:29 -0800 (PST) Received: from imx12.toshiba.co.jp (imx12.toshiba.co.jp [61.202.160.132]) by core3.amsl.com (Postfix) with ESMTP id EECA53A635F; Thu, 7 Jan 2010 23:59:28 -0800 (PST) Received: from arc11.toshiba.co.jp ([133.199.90.127]) by imx12.toshiba.co.jp with ESMTP id o087xQD0007180; Fri, 8 Jan 2010 16:59:26 +0900 (JST) Received: (from root@localhost) by arc11.toshiba.co.jp id o087xQ6b011522; Fri, 8 Jan 2010 16:59:26 +0900 (JST) Received: from ovp11.toshiba.co.jp [133.199.90.148] by arc11.toshiba.co.jp with ESMTP id SAA11521; Fri, 8 Jan 2010 16:59:26 +0900 Received: from mx.toshiba.co.jp (localhost [127.0.0.1]) by ovp11.toshiba.co.jp with ESMTP id o087xQd0006931; Fri, 8 Jan 2010 16:59:26 +0900 (JST) Received: from tsbpoa.po.toshiba.co.jp by toshiba.co.jp id o087xPmY022305; Fri, 8 Jan 2010 16:59:25 +0900 (JST) Received: from [133.196.17.30] by mail.po.toshiba.co.jp (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTPA id <0KVX00HVR4V14160@mail.po.toshiba.co.jp>; Fri, 08 Jan 2010 16:59:25 +0900 (JST) Date: Fri, 08 Jan 2010 16:59:23 +0900 From: Yoshihiro Ohba In-reply-to: <029001ca9037$f17bbda0$d47338e0$%yegin@yegin.org> To: Alper Yegin Message-id: <4B46E5DB.2030706@toshiba.co.jp> MIME-version: 1.0 Content-type: text/plain; charset=UTF-8; format=flowed Content-transfer-encoding: 7bit References: <20100106071553.21C5B17B380F@calvin.home.tislabs.com> <4B46E06D.4070607@toshiba.co.jp> <029001ca9037$f17bbda0$d47338e0$%yegin@yegin.org> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) X-Mailman-Approved-At: Fri, 08 Jan 2010 00:22:14 -0800 Cc: secdir@ietf.org, jari.arkko@piuha.net, iesg@ietf.org, 'Russ Mundy' Subject: Re: [secdir] Secdir review of draft-ohba-pana-pemk-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 07:59:29 -0000 Alper, Since it does not say "Only one PMK is used ...", I think the case you mentioned below is covered. Yoshihiro Ohba Alper Yegin wrote: >>> ** To make the scope more clear, I would suggest changing the first >>> sentence of section 2.2 to read: "One PEMK is used between one PaC >>> and one EP." >> OK. > > There can be multiple PANA sessions between the same PaC and the PAA, hence there can also be multiple PEMKs between the same pair of PaC-EP. This is currently allowed by the specs, and I don't see a need to constrain that with the above sentence. > > Alper > > > From yoshihiro.ohba@toshiba.co.jp Fri Jan 8 00:38:59 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9DD993A6821; Fri, 8 Jan 2010 00:38:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.089 X-Spam-Level: X-Spam-Status: No, score=-4.089 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LYteeP+IbT-p; Fri, 8 Jan 2010 00:38:58 -0800 (PST) Received: from imx12.toshiba.co.jp (imx12.toshiba.co.jp [61.202.160.132]) by core3.amsl.com (Postfix) with ESMTP id 8F9F13A67F4; Fri, 8 Jan 2010 00:38:58 -0800 (PST) Received: from arc11.toshiba.co.jp ([133.199.90.127]) by imx12.toshiba.co.jp with ESMTP id o088ctIR027713; Fri, 8 Jan 2010 17:38:55 +0900 (JST) Received: (from root@localhost) by arc11.toshiba.co.jp id o088ctc3024536; Fri, 8 Jan 2010 17:38:55 +0900 (JST) Received: from ovp11.toshiba.co.jp [133.199.90.148] by arc11.toshiba.co.jp with ESMTP id TAA24533; Fri, 8 Jan 2010 17:38:55 +0900 Received: from mx.toshiba.co.jp (localhost [127.0.0.1]) by ovp11.toshiba.co.jp with ESMTP id o088css2012540; Fri, 8 Jan 2010 17:38:55 +0900 (JST) Received: from tsbpoa.po.toshiba.co.jp by toshiba.co.jp id o088cocG013120; Fri, 8 Jan 2010 17:38:53 +0900 (JST) Received: from [133.196.17.30] by mail.po.toshiba.co.jp (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTPA id <0KVX00HP66OM4180@mail.po.toshiba.co.jp>; Fri, 08 Jan 2010 17:38:46 +0900 (JST) Date: Fri, 08 Jan 2010 17:38:44 +0900 From: Yoshihiro Ohba In-reply-to: <029201ca9039$f83ad020$e8b07060$%yegin@yegin.org> To: Alper Yegin Message-id: <4B46EF14.2060901@toshiba.co.jp> MIME-version: 1.0 Content-type: text/plain; charset=UTF-8; format=flowed Content-transfer-encoding: 7bit References: <20100106071553.21C5B17B380F@calvin.home.tislabs.com> <4B46E06D.4070607@toshiba.co.jp> <029001ca9037$f17bbda0$d47338e0$%yegin@yegin.org> <4B46E5DB.2030706@toshiba.co.jp> <029201ca9039$f83ad020$e8b07060$%yegin@yegin.org> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) Cc: secdir@ietf.org, jari.arkko@piuha.net, iesg@ietf.org, 'Russ Mundy' Subject: Re: [secdir] Secdir review of draft-ohba-pana-pemk-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 08:38:59 -0000 Alper Yegin wrote: > Yoshi, > > Going back to the baseline text, it says: > > A PEMK is used between a PaC and an EP. A PEMK MUST NOT be shared > among multiple PaCs or EPs. > > > I think the intent of the first sentence is same as the second one. > > So, saying "A PEMK is bound to a PaC-EP pair. A PEMK MUST NOT be shared among multiple PaCs or EPs." is more accurate. I agree. Yoshihiro Ohba > > Alper > > > > > > > > >> -----Original Message----- >> From: Yoshihiro Ohba [mailto:yoshihiro.ohba@toshiba.co.jp] >> Sent: Friday, January 08, 2010 9:59 AM >> To: Alper Yegin >> Cc: 'Russ Mundy'; iesg@ietf.org; secdir@ietf.org; jari.arkko@piuha.net >> Subject: Re: Secdir review of draft-ohba-pana-pemk-03 >> >> Alper, >> >> Since it does not say "Only one PMK is used ...", I think >> the case you mentioned below is covered. >> >> Yoshihiro Ohba >> >> >> Alper Yegin wrote: >>>>> ** To make the scope more clear, I would suggest changing the first >>>>> sentence of section 2.2 to read: "One PEMK is used between one >> PaC >>>>> and one EP." >>>> OK. >>> There can be multiple PANA sessions between the same PaC and the PAA, >> hence there can also be multiple PEMKs between the same pair of PaC-EP. >> This is currently allowed by the specs, and I don't see a need to >> constrain that with the above sentence. >>> Alper >>> >>> >>> > > > From simon@josefsson.org Fri Jan 8 04:48:37 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE5783A68A0; Fri, 8 Jan 2010 04:48:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.299 X-Spam-Level: X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_33=0.6] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M4QrsIkiEbEB; Fri, 8 Jan 2010 04:48:36 -0800 (PST) Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id 4F1FA3A67FD; Fri, 8 Jan 2010 04:48:34 -0800 (PST) Received: from mocca (c80-216-24-99.bredband.comhem.se [80.216.24.99]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id o08CmJSX009378 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 8 Jan 2010 13:48:25 +0100 From: Simon Josefsson To: "Glen Zorn" References: <000001ca6a19$665b3320$33119960$@net> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:100108:alexey.melnikov@isode.com::9ZLjKvUmUCn433Qk:E2s X-Hashcash: 1:22:100108:iesg@ietf.org::aejakOGiLs3gLiBc:c6Z X-Hashcash: 1:22:100108:kurt.zeilenga@isode.com::bDA6o+IRcr5QhGhT:1fN8 X-Hashcash: 1:22:100108:secdir@ietf.org::/Ow4xjjwvDyGOp31:U0HR X-Hashcash: 1:22:100108:nicolas.williams@sun.com::BMcrnxbaQ7yowkvS:EKz3 X-Hashcash: 1:22:100108:tlyu@mit.edu::Ioz3NT/9JQBoMHUO:a24o X-Hashcash: 1:22:100108:gwz@net-zen.net::n0p+WSrRMii6pz6H:e2GL Date: Fri, 08 Jan 2010 13:48:19 +0100 In-Reply-To: <000001ca6a19$665b3320$33119960$@net> (Glen Zorn's message of "Fri, 20 Nov 2009 14:39:59 -0500") Message-ID: <87k4vs7ofg.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: clamav-milter 0.95.3 at yxa-v X-Virus-Status: Clean X-Mailman-Approved-At: Fri, 08 Jan 2010 04:52:25 -0800 Cc: Nicolas.Williams@sun.com, secdir@ietf.org, 'Kurt Zeilenga' , iesg@ietf.org, 'Alexey Melnikov' Subject: Re: [secdir] secdir review of draft-ietf-sasl-gs2-17 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 12:48:37 -0000 "Glen Zorn" writes: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. Thanks for your review Glen. I am now merging your comments into the document. > GENERAL COMMENTS > The reference to a document is not the document; for example, in the > following excerpt from section 2, there are no names defined in the > reference to RFC 2743: > The document uses many terms and function names defined in [RFC2743] > as updated by [RFC5554]. > Please change to something like > The document uses many terms and function names defined in RFC 2743 > [RFC2743] > as updated by RFC 5554 [RFC5554]. > Note that this comment applies globally to all such usages in the document. I agree with Alexey, Pasi and Nico on this and we'll let the RFC Editor handle this. > ABSTRACT > The last sentence of the Abstract says: "See > for more information." Unless the > referenced URL is intended to be permanently available (and probably even > then), this line should be removed before publication as an RFC. I have removed the link.. It was only to aid during development. > SECTION 3 > Third paragraph, first sentence. > Old: > If the GSS_Inquire_SASLname_for_mech interface is not used, the GS2 > implementation need some other mechanism to map mechanism OIDs to > SASL name internally. In this case, the implementation can only > New: > If the GSS_Inquire_SASLname_for_mech interface is not used, the GS2 > implementation needs some other mechanism to map mechanism OIDs to > SASL names internally. In this case, the implementation can only Fixed. > SECTION 3.1 > s/characters outside of the base32 alphabet/characters outside of the Base32 > alphabet/ Fixed. > SECTION 3.2 > s/This obliterate the need/This obliterates the need/ It now reads 'This eliminates the need'. > The final sentence seems slightly clumsy; suggest the following change: > Old: > The computed mechanism name can be used > directly in the implementation, and the implementation need not > concern itself with that the mechanism is part of a mechanism family. > New: > The computed mechanism name can be used > directly in the implementation, and the implementation need not > be concerned if the mechanism is part of a mechanism family. Fixed. > SECTION 4 > In the fourth paragraph, s/As this indicate an error condition/As this > indicates an error condition/ Fixed. > In paragraph 5, "The [RFC2743] section 3.1 initial context token header" has > the sound of GSSAPI "code words" ;-). Suggest changing to "The GSSAPIv2 > initial context token header (see section 3.1 of RFC 2743 [RFC2743])" or > some such. I agree with Nico's reply, so I avoided mentioning GSS*API at all here and used this text: The initial context token header (see section 3.1 of [RFC2743]) MUST be removed if present. > A similar comment pertains to the first paragraph on page 9; suggest: > Old: > When the "gs2-nonstd-flag" flag is present, the client did not find/ > remove a [RFC2743] section 3.1 token header from the initial token > returned by GSS_Init_sec_context. This signals to the server that it > MUST NOT re-add the data that is normally removed by the client. > New: > When the "gs2-nonstd-flag" flag is present, the client did not find/ > remove a GSSAPIv2 token header (RFC 2743, section 3.1) from the initial > token > returned by GSS_Init_sec_context. This signals to the server that it > MUST NOT re-add the data that is normally removed by the client. As before, I wanted to avoid using the term GSS*API here. Instead the text reads: When the "gs2-nonstd-flag" flag is present, the client did not find/ remove a token header ([RFC2743] section 3.1) from the initial token returned by GSS_Init_sec_context. > s/The NUL characters is forbidden/The NUL character is forbidden/ Fixed. > s/Upon the receipt/Upon receipt/ Fixed. > s/results in failed authentication exchange/results in a failed > authentication exchange/ Fixed. > SECTION 5 > I find this section rather difficult to understand: not all of the possible > combinations of gs2-cb-flag and server support for channel bindings seem to > be covered. A table might help, if not for that the gs2-cb-flag is > tri-valued & used to signal two different things. I agree with Nico that I believe we cover all the cases in the text. Can you point to which case is not covered? However, for illustration, I have added Nico's table. > SECTION 5.1 > First sentence s/The calls to GSS_Init_sec_context and > GSS_Accept_sec_context takes a/The calls to GSS_Init_sec_context and > GSS_Accept_sec_context take a/ Fixed. > SECTION 6 > This section needs a lot of work if it is expected to be understood by > non-members of the Illuminati ;->. Just one example (of many possible): > > Example #3: a two round-trip GSS-API context token exchange, no > channel binding, no standard token header. > > C: Request authentication exchange > S: Empty Challenge > C: F,n,, standard header> > S: Send reply context token as is > C: Send reply context token as is > S: Send reply context token as is > C: Empty message > S: Outcome of authentication exchange > > What does this mean? What do 'F' & 'n' stand for? How is it useful? It > might be claimed that these questions could be answered by dissecting the > ABNF for the gs2 header, but I don't think that's a good answer: examples > should be self-contained. I agree with Nico that we shouldn't explain this again in the example section: the meaning of the protocol messages are explained elsewhere in the document already. We could use complete verbatim example exchanges though, but they will be somewhat large due to the unrelated GSS-API tokens which aren't GS2 specific. > SECTION 8 > > The first paragraph says: > > GS2 does not use any GSS-API per-message tokens. Therefore the > setting of req_flags related to per-message tokens is irrelevant. > > OK, but what should the client and server behavior should be WRT the flags? It now reads: GS2 does not use any GSS-API per-message tokens. Therefore the per- message token ret_flags from GSS_Init_sec_context() and GSS_Accept_sec_context() are irrelevant; implementations SHOULD NOT set the per-message req_flags. > SECTION 14.1 > Old: > If a client implement GSS-API mechanism X, potentially negotiated > through a GSS-API mechanism Y, and the server also implement GSS-API > mechanism X negotiated through a GSS-API mechanism Z, the > authentication negotiation will fail. > New: > If a client implements GSS-API mechanism X, potentially negotiated > through a GSS-API mechanism Y, and the server also implements GSS-API > mechanism X negotiated through a GSS-API mechanism Z, the > authentication negotiation will fail. Fixed. > SECTION 14.2 > > s/use of GSS-API mechanisms that negotiate other mechanisms are/use of > GSS-API mechanisms that negotiate other mechanisms is/ Fixed. Thanks again, /Simon From simon@josefsson.org Fri Jan 8 04:49:59 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C55913A6958; Fri, 8 Jan 2010 04:49:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.549 X-Spam-Level: X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NlKtogZAA9gU; Fri, 8 Jan 2010 04:49:59 -0800 (PST) Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id A0A313A68A0; Fri, 8 Jan 2010 04:49:58 -0800 (PST) Received: from mocca (c80-216-24-99.bredband.comhem.se [80.216.24.99]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id o08CnrfR009416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 8 Jan 2010 13:49:55 +0100 From: Simon Josefsson To: Nicolas Williams References: <000001ca6a19$665b3320$33119960$@net> <20091123165233.GJ773@Sun.COM> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:100108:iesg@ietf.org::obzvswTmjE55bmxQ:q7q X-Hashcash: 1:22:100108:secdir@ietf.org::Nh/bQJtKl7AzIZuq:1xtV X-Hashcash: 1:22:100108:gwz@net-zen.net::Wdt6YuxOurO3KO2J:4vk+ X-Hashcash: 1:22:100108:nicolas.williams@sun.com::L9oY6Aahv3bar4st:5Nwm X-Hashcash: 1:22:100108:tlyu@mit.edu::mPO/1yu2KI6idTWX:BWXf X-Hashcash: 1:22:100108:alexey.melnikov@isode.com::FTh+6Dfrlweu6w9X:B77q X-Hashcash: 1:22:100108:kurt.zeilenga@isode.com::obp1fQLyrZKhUUty:vNit Date: Fri, 08 Jan 2010 13:49:53 +0100 In-Reply-To: <20091123165233.GJ773@Sun.COM> (Nicolas Williams's message of "Mon, 23 Nov 2009 10:52:34 -0600") Message-ID: <87fx6g7ocu.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: clamav-milter 0.95.3 at yxa-v X-Virus-Status: Clean X-Mailman-Approved-At: Fri, 08 Jan 2010 04:52:25 -0800 Cc: secdir@ietf.org, 'Kurt Zeilenga' , iesg@ietf.org, 'Alexey Melnikov' Subject: Re: [secdir] secdir review of draft-ietf-sasl-gs2-17 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 12:49:59 -0000 Nicolas Williams writes: >> SECTION 5 >> I find this section rather difficult to understand: not all of the possible >> combinations of gs2-cb-flag and server support for channel bindings seem to >> be covered. A table might help, if not for that the gs2-cb-flag is >> tri-valued & used to signal two different things. > > I believe we handled all cases. There are three flag values and two > server support alternatives. I suppose we can add a table, something > like: > > FLAG SERVER CB SUPPORT DISPOSITION > ---- ----------------- ----------- > > n Irrelevant If server disallows non-channel- > bound authentication, then fail > > y CB not supported Authentication may succeed > > y CB supported Authentication must fail > > p CB supported Authentication may succeed, with > CB used > > p CB not supported Authentication will fail > > CB not supported Client does not even try because > it insists on CB I have added this table to section 5. >> The first paragraph says: >> >> GS2 does not use any GSS-API per-message tokens. Therefore the >> setting of req_flags related to per-message tokens is irrelevant. >> >> OK, but what should the client and server behavior should be WRT the flags? > > There's no actual behavior w.r.t. req_flags and ret_flags. The GSS-API > mechanism is free to enable per-msg token features not requested by the > caller, but they are truly irrelevant: the application won't be using > per-msg tokens. It may make things simpler if we explicitly require > that req_flags not be set: > > GS2 does not use any GSS-API per-message tokens. Therefore the > per-message token ret_flags from GSS_Init_sec_context() and > GSS_Accept_sec_context() are irrelevant; implementations SHOULD NOT > set the per-message req_flags. This is in the document now too. Thanks, Simon From kent@bbn.com Fri Jan 8 06:08:00 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 63F343A6862 for ; Fri, 8 Jan 2010 06:08:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XNCcVJYV52xG for ; Fri, 8 Jan 2010 06:07:59 -0800 (PST) Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id 3B6313A67B5 for ; Fri, 8 Jan 2010 06:07:59 -0800 (PST) Received: from dommiel.bbn.com ([192.1.122.15] helo=[192.168.1.5]) by smtp.bbn.com with esmtp (Exim 4.63) (envelope-from ) id 1NTFV8-0003vG-9v; Fri, 08 Jan 2010 09:07:42 -0500 Mime-Version: 1.0 Message-Id: In-Reply-To: <20100107222809.GA25747@shinkuro.com> References: <20100107222809.GA25747@shinkuro.com> Date: Fri, 8 Jan 2010 09:07:24 -0500 To: Andrew Sullivan From: Stephen Kent Content-Type: multipart/alternative; boundary="============_-949162835==_ma============" Cc: Ralph Droms , dol@cryptocom.ru, ogud@ogud.com, secdir@ietf.org Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 14:08:00 -0000 --============_-949162835==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" Andrew, I think the arguments I made are not so tightly related to the question of the ability of the protocols in question to negotiate algorithms, but I do appreciate the questions you posed. You are correct that IPsec peers and TLS clients & servers perform a negotiation prior to establishing a session or secruity association. However, TLS is the most widely deployed and used crypto protocol in large part because the set of algorithms that MUST be supported to ensure very wide interoperability is very small, despite the fact that many algorithms have been defined to use with TLS. For S/MIME and OPGP there is a requirement that, ultimately, the receiver has some way to verify the cert associated with the sender. However, it is common for senders to sign messages that are send to mailing lists where the sender has no way of knowing what algorithms all the receivers support. So, your analysis for this case is off the mark. (Your analysis is applicable to the case of encrypted e-mail, because the sender has to retrieve certs for all recipients first, and thus can determine what algorithms, they support. But, signed e-mail is MUCH more common than encrypted e-mail in the public Internet.) I understand the arguments you are making, and I agree that there are differences between protocols that may be used in closed communities vs. ones that are intended to have global scope, like DNSSEC. But, I think the argument I made is valid. My point is that it is unreasonable to require every DNSSEC implementation to support every public key signature and hash algorithm that anybody chooses to register. This is a classic case of what economists call externalization of costs. By calling for such support for any national algorithm suite (or any algorithms that might be put forth and which are not widely employed), one establishes a bad precedent. Rather it makes sense to have a very limited number of algorithm suites that MUST (or SHOULD) be implemented. My recommendation is to limit mandated (MUST or SHOULD) support to just two: current and next. BTW, we have had this discussion in SIDR, where the RPKI has a similar global scope and where Vasily had made a similar request for recognition of GOST algorithms. So far, that WG has said no, for the reasons I cited in my comments and above. The current plan there is to go with the two suite model I described above. Steve --============_-949162835==_ma============ Content-Type: text/html; charset="us-ascii" Re: review of draft-ietf-dnsext-dnssec-gost-05

Andrew,

I think the arguments I made are not so tightly related to the question of the ability of the protocols in question to negotiate algorithms, but I do appreciate the questions you posed.

You are correct that IPsec peers and TLS clients & servers perform a negotiation prior to establishing a session or secruity association. However, TLS is the most widely deployed and used crypto protocol in large part because the set of algorithms that MUST be supported to ensure very wide interoperability is very small, despite the fact that many algorithms have been defined to use with TLS.

For S/MIME and OPGP there is a requirement that, ultimately, the receiver has some way to verify the cert associated with the sender. However, it is common for senders to sign messages that are send to mailing lists where the sender has no way of knowing what algorithms all the receivers support. So, your analysis for this case is off the mark. (Your analysis is applicable to the case of encrypted e-mail, because the sender has to retrieve certs for all recipients first, and thus can determine what algorithms, they support. But, signed e-mail is MUCH more common than encrypted e-mail in the public Internet.)

I understand the arguments you are making, and I agree that there are differences between protocols that may be used in closed communities vs. ones that are intended to have global scope, like DNSSEC. But, I think the argument I made is valid.

My point is that it is unreasonable to require every DNSSEC implementation to support every public key signature and hash algorithm that anybody chooses to register. This is a classic case of what economists call externalization of costs. By calling for such support for any national algorithm suite (or any algorithms that might be put forth and which are not widely employed), one establishes a bad precedent. Rather it makes sense to have a very limited number of algorithm suites that MUST (or SHOULD) be implemented. My recommendation is to limit mandated (MUST or SHOULD) support to just two: current and next.

BTW, we have had this discussion in SIDR, where the RPKI has a similar global scope and where Vasily had made a similar request for recognition of GOST algorithms. So far, that WG has said no, for the reasons I cited in my comments and above. The current plan there is to go with the two suite model I described above.

Steve

--============_-949162835==_ma============-- From ajs@shinkuro.com Fri Jan 8 06:44:36 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6F4E73A6979 for ; Fri, 8 Jan 2010 06:44:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.985 X-Spam-Level: X-Spam-Status: No, score=-2.985 tagged_above=-999 required=5 tests=[AWL=-0.386, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RSDv14qzm1Md for ; Fri, 8 Jan 2010 06:44:35 -0800 (PST) Received: from mail.yitter.info (mail.yitter.info [208.86.224.201]) by core3.amsl.com (Postfix) with ESMTP id 8FAB03A6970 for ; Fri, 8 Jan 2010 06:44:35 -0800 (PST) Received: from crankycanuck.ca (69-196-144-230.dsl.teksavvy.com [69.196.144.230]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id DEE702FE8CA1; Fri, 8 Jan 2010 14:44:32 +0000 (UTC) Date: Fri, 8 Jan 2010 09:44:31 -0500 From: Andrew Sullivan To: Stephen Kent Message-ID: <20100108144431.GB26259@shinkuro.com> References: <20100107222809.GA25747@shinkuro.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.18 (2008-05-17) Cc: Ralph Droms , dol@cryptocom.ru, ogud@ogud.com, secdir@ietf.org Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 14:44:36 -0000 On Fri, Jan 08, 2010 at 09:07:24AM -0500, Stephen Kent wrote: > > For S/MIME and OPGP there is a requirement that, ultimately, the > receiver has some way to verify the cert associated with the sender. > However, it is common for senders to sign messages that are send to > mailing lists where the sender has no way of knowing what algorithms all > the receivers support. So, your analysis for this case is off the mark. This is a good point. Thanks. > Rather it makes sense to have a very limited number of algorithm suites > that MUST (or SHOULD) be implemented. My recommendation is to limit > mandated (MUST or SHOULD) support to just two: current and next. Hrm. Well, we already violate this recommendation, I think, but I take your point. > BTW, we have had this discussion in SIDR, where the RPKI has a similar > global scope and where Vasily had made a similar request for recognition > of GOST algorithms. So far, that WG has said no, for the reasons I cited > in my comments and above. The current plan there is to go with the two > suite model I described above. Ok. Thanks for this; it's useful feedback. Best, A -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc. From phoffman@imc.org Fri Jan 8 08:13:15 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6497B28C10E for ; Fri, 8 Jan 2010 08:13:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.046 X-Spam-Level: X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HttUNxjGY3vD for ; Fri, 8 Jan 2010 08:13:09 -0800 (PST) Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 01B413A677C for ; Fri, 8 Jan 2010 08:13:07 -0800 (PST) Received: from [10.20.30.158] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id o08GCVAw020420 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 8 Jan 2010 09:12:33 -0700 (MST) (envelope-from phoffman@imc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: <20100108144431.GB26259@shinkuro.com> References: <20100107222809.GA25747@shinkuro.com> <20100108144431.GB26259@shinkuro.com> Date: Fri, 8 Jan 2010 08:12:29 -0800 To: Andrew Sullivan , Stephen Kent From: Paul Hoffman Content-Type: text/plain; charset="us-ascii" Cc: secdir@ietf.org, dol@cryptocom.ru, ogud@ogud.com, Ralph Droms Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 16:13:15 -0000 To take it one step further: a signing algorithm that is easily broken opens up a new attack vector. Imagine that all DNSSEC "client" implementations (resolvers) need to support two algorithms, A and B. If A and B are of actual equal strength, an attacker has an equal problem. However, if B is found to have weaknesses that allows an attacker to forge signatures, that attacker then can create a bogus chain to a trust anchor using B in the entire path. It is for this reason that DNSSEC does not, for example, require that resolvers MUST be able to validate RSA signatures with 256-bit keys. However, by saying that resolvers MUST be able to validate anything other than the widely-agreed-to algorithms, you are opening up such an attack. GOST signatures use a hash algorithm that has a known academic attack. Thus, even if the GOST asymmetric encryption algorithm is as strong as RSA with the size of keys that people are using, the overall signing algorithm may be weaker. This is *not* an argument that Russia should not use GOST: they have made their own security decisions based on the same knowledge that we have (and possibly more). It is, however, an argument against making everyone else be able to verify GOST signatures as if they were equivalent to other mandatory-to-implement signature algorithms. From uri@mit.edu Fri Jan 8 08:45:51 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 603683A67FE for ; Fri, 8 Jan 2010 08:45:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eiL96uCxDybA for ; Fri, 8 Jan 2010 08:45:50 -0800 (PST) Received: from dmz-mailsec-scanner-2.mit.edu (DMZ-MAILSEC-SCANNER-2.MIT.EDU [18.9.25.13]) by core3.amsl.com (Postfix) with ESMTP id 7488A3A67AE for ; Fri, 8 Jan 2010 08:45:50 -0800 (PST) X-AuditID: 1209190d-b7b0fae000000ead-aa-4b47613cb2d9 Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72]) by dmz-mailsec-scanner-2.mit.edu (Symantec Brightmail Gateway) with SMTP id F2.FA.03757.C31674B4; Fri, 8 Jan 2010 11:45:48 -0500 (EST) Received: from outgoing-legacy.mit.edu (OUTGOING-LEGACY.MIT.EDU [18.7.22.104]) by central-city-carrier-station.mit.edu (8.13.6/8.9.2) with ESMTP id o08GkXTY007589 for ; Fri, 8 Jan 2010 11:46:38 -0500 (EST) Received: from webmail-7.mit.edu (WEBMAIL-7.MIT.EDU [18.9.23.17]) ) by outgoing-legacy.mit.edu (8.13.6/8.12.4) with ESMTP id o08GjYOj008979 for ; Fri, 8 Jan 2010 11:45:39 -0500 (EST) Received: from webmail-7.mit.edu (webmail-7.mit.edu [127.0.0.1]) by webmail-7.mit.edu (8.13.8) with ESMTP id o08GZTVO016533; Fri, 8 Jan 2010 11:35:29 -0500 Received: (from nobody@localhost) by webmail-7.mit.edu (8.13.8/8.13.8/Submit) id o08GZSHp016529 for secdir@ietf.org; Fri, 8 Jan 2010 11:35:28 -0500 X-Authentication-Warning: webmail-7.mit.edu: nobody set sender to uri@mit.edu using -f Received: from c-24-62-224-140.hsd1.ma.comcast.net (c-24-62-224-140.hsd1.ma.comcast.net [24.62.224.140]) (User authenticated as uri@ATHENA.MIT.EDU) by webmail.mit.edu (Horde MIME library) with HTTP; Fri, 08 Jan 2010 11:35:28 -0500 Message-ID: <20100108113528.gbmbl95nok8gsgwc@webmail.mit.edu> X-Priority: 3 (Normal) Date: Fri, 08 Jan 2010 11:35:28 -0500 From: Uri Blumenthal To: secdir@ietf.org References: <20100107222809.GA25747@shinkuro.com> <20100108144431.GB26259@shinkuro.com> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.3) X-Scanned-By: MIMEDefang 2.42 X-Brightmail-Tracker: AAAAAxJXwFoSV8E+ElfC1g== Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 16:45:51 -0000 I am in full agreement with the arguments Paul and Steve have made. Keep GOST as MAY. Quoting Paul Hoffman : > To take it one step further: a signing algorithm that is easily > broken opens up a new attack vector. Imagine that all DNSSEC "client" > implementations (resolvers) need to support two algorithms, A and B. > If A and B are of actual equal strength, an attacker has an equal > problem. However, if B is found to have weaknesses that allows an > attacker to forge signatures, that attacker then can create a bogus > chain to a trust anchor using B in the entire path. > > It is for this reason that DNSSEC does not, for example, require that > resolvers MUST be able to validate RSA signatures with 256-bit keys. > However, by saying that resolvers MUST be able to validate anything > other than the widely-agreed-to algorithms, you are opening up such > an attack. > > GOST signatures use a hash algorithm that has a known academic > attack. Thus, even if the GOST asymmetric encryption algorithm is as > strong as RSA with the size of keys that people are using, the > overall signing algorithm may be weaker. This is *not* an argument > that Russia should not use GOST: they have made their own security > decisions based on the same knowledge that we have (and possibly > more). It is, however, an argument against making everyone else be > able to verify GOST signatures as if they were equivalent to other > mandatory-to-implement signature algorithms. > _______________________________________________ > secdir mailing list > secdir@ietf.org > https://www.ietf.org/mailman/listinfo/secdir > From ajs@shinkuro.com Fri Jan 8 10:22:27 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 405523A689A for ; Fri, 8 Jan 2010 10:22:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.157 X-Spam-Level: X-Spam-Status: No, score=-3.157 tagged_above=-999 required=5 tests=[AWL=-0.558, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MizV31DozpL4 for ; Fri, 8 Jan 2010 10:22:25 -0800 (PST) Received: from mail.yitter.info (mail.yitter.info [208.86.224.201]) by core3.amsl.com (Postfix) with ESMTP id 6964E3A688D for ; Fri, 8 Jan 2010 10:22:25 -0800 (PST) Received: from crankycanuck.ca (69-196-144-230.dsl.teksavvy.com [69.196.144.230]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id DD1542FE8CA1; Fri, 8 Jan 2010 18:22:20 +0000 (UTC) Date: Fri, 8 Jan 2010 13:22:19 -0500 From: Andrew Sullivan To: Paul Hoffman Message-ID: <20100108182219.GN26259@shinkuro.com> References: <20100107222809.GA25747@shinkuro.com> <20100108144431.GB26259@shinkuro.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.18 (2008-05-17) Cc: secdir@ietf.org, dol@cryptocom.ru, ogud@ogud.com, Ralph Droms Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 18:22:27 -0000 On Fri, Jan 08, 2010 at 08:12:29AM -0800, Paul Hoffman wrote: > It is for this reason that DNSSEC does not, for example, require > that resolvers MUST be able to validate RSA signatures with 256-bit > keys. However, by saying that resolvers MUST be able to validate > anything other than the widely-agreed-to algorithms, you are opening > up such an attack. Now, this is an interesting point. I think if one combines this argument with Steve's point that a certain baseline of mandatory algorithms should be required _only_ because you need some common set for interoperability, one has a pretty good argument that most algorithms should be MAYs and not stronger. Thanks, A -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc. From phoffman@imc.org Fri Jan 8 10:37:01 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 58CC13A68A6 for ; Fri, 8 Jan 2010 10:37:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.046 X-Spam-Level: X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RgV4IwsSqF4 for ; Fri, 8 Jan 2010 10:37:00 -0800 (PST) Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 844A13A688C for ; Fri, 8 Jan 2010 10:37:00 -0800 (PST) Received: from [10.20.30.158] (sn87.proper.com [75.101.18.87]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id o08Iana9028426 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 8 Jan 2010 11:36:50 -0700 (MST) (envelope-from phoffman@imc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: <20100108182219.GN26259@shinkuro.com> References: <20100107222809.GA25747@shinkuro.com> <20100108144431.GB26259@shinkuro.com> <20100108182219.GN26259@shinkuro.com> Date: Fri, 8 Jan 2010 10:36:48 -0800 To: Andrew Sullivan From: Paul Hoffman Content-Type: text/plain; charset="us-ascii" Cc: secdir@ietf.org, dol@cryptocom.ru, ogud@ogud.com, Ralph Droms Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 18:37:01 -0000 At 1:22 PM -0500 1/8/10, Andrew Sullivan wrote: >On Fri, Jan 08, 2010 at 08:12:29AM -0800, Paul Hoffman wrote: > >> It is for this reason that DNSSEC does not, for example, require >> that resolvers MUST be able to validate RSA signatures with 256-bit >> keys. However, by saying that resolvers MUST be able to validate >> anything other than the widely-agreed-to algorithms, you are opening >> up such an attack. > >Now, this is an interesting point. Thank you. However, it is far from original. >I think if one combines this >argument with Steve's point that a certain baseline of mandatory >algorithms should be required _only_ because you need some common set >for interoperability, one has a pretty good argument that most >algorithms should be MAYs and not stronger. Bingo. If there is an algorithm that the technical community thinks is the "next" mandatory algorithm, you might want to make it "SHOULD+", but even that proposal is not always clear-cut. From mcgrew@cisco.com Fri Jan 8 13:10:18 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 659D43A687C for ; Fri, 8 Jan 2010 13:10:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id au48YUPWRvO9 for ; Fri, 8 Jan 2010 13:10:17 -0800 (PST) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 64B1D3A686B for ; Fri, 8 Jan 2010 13:10:17 -0800 (PST) Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApoEALstR0urR7H+/2dsb2JhbADBPpQKgjmBdgQ X-IronPort-AV: E=Sophos;i="4.49,244,1262563200"; d="scan'208";a="463875566" Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-6.cisco.com with ESMTP; 08 Jan 2010 21:10:15 +0000 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id o08LAFbK011166 for ; Fri, 8 Jan 2010 21:10:15 GMT Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 8 Jan 2010 13:10:15 -0800 Received: from [10.32.254.210] ([10.32.254.210]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 8 Jan 2010 13:10:15 -0800 Message-Id: <566303C7-A4F9-48B2-93E4-3F16FA394430@cisco.com> From: David McGrew To: secdir@ietf.org In-Reply-To: <20100108113528.gbmbl95nok8gsgwc@webmail.mit.edu> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v936) X-Priority: 3 (Normal) Date: Fri, 8 Jan 2010 13:10:14 -0800 References: <20100107222809.GA25747@shinkuro.com> <20100108144431.GB26259@shinkuro.com> <20100108113528.gbmbl95nok8gsgwc@webmail.mit.edu> X-Mailer: Apple Mail (2.936) X-OriginalArrivalTime: 08 Jan 2010 21:10:15.0431 (UTC) FILETIME=[F9421970:01CA90A6] Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 21:10:18 -0000 I also agree with the compelling reasons that Steve and Paul have articulated. I'm confused about one point, though. The IANA considerations section in draft-ietf-dnsext-dnssec-gost-06 asks for GOST R 34.10-2001 and GOST R 34.11-94 to be registered as OPTIONAL. Was there some suggestion to make them mandatory? David On Jan 8, 2010, at 8:35 AM, Uri Blumenthal wrote: > I am in full agreement with the arguments Paul and Steve have made. > > Keep GOST as MAY. > > Quoting Paul Hoffman : >> To take it one step further: a signing algorithm that is easily >> broken opens up a new attack vector. Imagine that all DNSSEC >> "client" implementations (resolvers) need to support two >> algorithms, A and B. If A and B are of actual equal strength, an >> attacker has an equal problem. However, if B is found to have >> weaknesses that allows an attacker to forge signatures, that >> attacker then can create a bogus chain to a trust anchor using B in >> the entire path. >> >> It is for this reason that DNSSEC does not, for example, require >> that resolvers MUST be able to validate RSA signatures with 256-bit >> keys. However, by saying that resolvers MUST be able to validate >> anything other than the widely-agreed-to algorithms, you are >> opening up such an attack. >> >> GOST signatures use a hash algorithm that has a known academic >> attack. Thus, even if the GOST asymmetric encryption algorithm is >> as strong as RSA with the size of keys that people are using, the >> overall signing algorithm may be weaker. This is *not* an argument >> that Russia should not use GOST: they have made their own security >> decisions based on the same knowledge that we have (and possibly >> more). It is, however, an argument against making everyone else be >> able to verify GOST signatures as if they were equivalent to other >> mandatory-to-implement signature algorithms. >> _______________________________________________ >> secdir mailing list >> secdir@ietf.org >> https://www.ietf.org/mailman/listinfo/secdir >> > > > _______________________________________________ > secdir mailing list > secdir@ietf.org > https://www.ietf.org/mailman/listinfo/secdir From Nicolas.Williams@sun.com Fri Jan 8 13:35:17 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 343AD3A68DE for ; Fri, 8 Jan 2010 13:35:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.046 X-Spam-Level: X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L9hJGeThTYVS for ; Fri, 8 Jan 2010 13:35:16 -0800 (PST) Received: from brmea-mail-1.sun.com (brmea-mail-1.Sun.COM [192.18.98.31]) by core3.amsl.com (Postfix) with ESMTP id E94A43A686B for ; Fri, 8 Jan 2010 13:35:15 -0800 (PST) Received: from dm-central-02.central.sun.com ([129.147.62.5]) by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id o08LZDJB020051 for ; Fri, 8 Jan 2010 21:35:13 GMT Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id o08LZD1N054482 for ; Fri, 8 Jan 2010 14:35:13 -0700 (MST) Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id o08LKEfT001384; Fri, 8 Jan 2010 15:20:14 -0600 (CST) Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id o08LKDpi001383; Fri, 8 Jan 2010 15:20:13 -0600 (CST) X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f Date: Fri, 8 Jan 2010 15:20:13 -0600 From: Nicolas Williams To: David McGrew Message-ID: <20100108212013.GC1061@Sun.COM> References: <20100107222809.GA25747@shinkuro.com> <20100108144431.GB26259@shinkuro.com> <20100108113528.gbmbl95nok8gsgwc@webmail.mit.edu> <566303C7-A4F9-48B2-93E4-3F16FA394430@cisco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <566303C7-A4F9-48B2-93E4-3F16FA394430@cisco.com> User-Agent: Mutt/1.5.7i Cc: secdir@ietf.org Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 21:35:17 -0000 On Fri, Jan 08, 2010 at 01:10:14PM -0800, David McGrew wrote: > I also agree with the compelling reasons that Steve and Paul have > articulated. +1 > I'm confused about one point, though. The IANA considerations section > in draft-ietf-dnsext-dnssec-gost-06 asks for GOST R 34.10-2001 and > GOST R 34.11-94 to be registered as OPTIONAL. Was there some > suggestion to make them mandatory? " 6.1. Support for GOST signatures DNSSEC aware implementations SHOULD be able to support RRSIG and DNSKEY resource records created with the GOST algorithms as defined in this document. ... 8. IANA Considerations ... Zone Trans. Value Algorithm Mnemonic Signing Sec. References Status {TBA1} GOST R 34.10-2001 GOST Y * (this memo) OPTIONAL ... Value Algorithm Status {TBA2} GOST R 34.11-94 OPTIONAL " Section 6.1 and 8 are in conflict. Nico -- From weiler+secdir@watson.org Sat Jan 9 07:37:00 2010 Return-Path: X-Original-To: secdir@core3.amsl.com Delivered-To: secdir@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3CF763A68CF for ; Sat, 9 Jan 2010 07:37:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kHglOLFSV-IK for