[Swan] [perpass] my synopsis of the BoF session outcome (fwd)

Paul Wouters paul at nohats.ca
Thu Nov 14 17:11:39 EET 2013 

Might be interesting to some.

Note especially that the homenet people have been awesome in defining
their standard access method to be "block all but IKE and ESP". They
really looked at good secure defaults!

Paul

---------- Forwarded message ----------
Date: Thu, 14 Nov 2013 09:45:33
From: Stephen Farrell <stephen.farrell at cs.tcd.ie>
To: perpass <perpass at ietf.org>
Subject: [perpass] my synopsis of the BoF session outcome


Hi all,

Here's what I took from the meeting notes and having
listened back to the recording. Overall, there was
a good bit more here that was concrete than I thought
was the case on the day, so thanks all for that!

I put the most vague first and the most concrete last.
Apologies in advance if I've annoyed you for how I've
characterised your valuable input:-)

As always, comments, discussion, volunteering are as
welcome as ever! Please start separate threads though
unless your follow-up is about the synopsis itself.

General thoughts/recommendations, some almost platitudinal:

- there's a tension between n/w mgmt & confid
- make middleboxes explicit
- write more code, connect with OSS communities
- think about how our code is implemented/operated, e.g. UPnP
- embedded ecosystem doesn't have updates, freezes in bugs,
   prevents deploying e.g. IPv6
- sometimes we get it wrong when we add too much security -
   e.g SIP wouldn't have been successful if we'd done
   security "right"
- successful crypto happens where the client just does it
   and doesn't have to ask, don't sacrifice usability
- better documented protocols have fewer security problems
- some protocols can't really be secured (e.g. DHCP) so
   shouldn't be used for lots of config stuff
- IPv6 + IPsec + RFC 6092 => IKE, ESP get in, could make
   things better?
- NAT is terrible:-)

Research topics, maybe for IAB w/s or IRTF?:

- it'd be good to have privacy metrics
- think through consequences of mitigations, there will
   be some
- if we get to OE, then how do we get from there to
   authentication when we want authentication
- problems handling security protocol failures (e.g. cert
   expiry)

Review stuff, hard to see such boring work being done:

- review old mouldy stuff (even in new docs), incl
   crypto uses
- e2e - maybe a survey of landscape is needed first?
- go look at why are existing protocols not being deployed?
- organised effort to privacy review existing protocols
   (directorate?)

Actionable maybe, nothing done yet:

- either find usable security folks to get involved or else
   make sure there's no UI, don't require large scale key mgmt
- maybe get servers (web) and CA people together to try
   develop some usable certification protocols
- same as above for DNS zone signing tools
- IETF should go beyond legislative definitions of personal
   data e.g. meta-data, define PII as privacy impacting
   information
- should we revise some security BCPs? which? how? who?
- (plenary) we should set the GAAP equivalent for
   security and privacy

Lots about OE, but quite actionable:

- define OE and how to do it - SF has asked someone if
   they'd write a HOWTO-pimp-my-protocol-with-OE draft,
   define it better and how to use it, and be careful with
   naming it to not imply you get more than you actually get
- OE: don't forget active attacks, they can also be somewhat
   pervasive
- OE: don't forget active attacks, they are worse attacks
- OE: don't forget active attacks, OE could be oversold
- OE: don't forget active attacks, they are more expensive
   and easier to detect
- OE: don't forget active attacks, cost increase may not be
   as good as you think, e.g. MITM to gather call records
- OE: don't forget active attacks, include ways to auto
   detect them (maybe after the fact)

Specific enough to have been actioned already:-)

- consider traffic analysis as part of protocol design
   (-> threat model?, asked Brian)
- define a "strong" RNG - a list has been setup for this
   that's, dsfjdssdfsd at ietf.org and has been announced
- reform privacy directive (asked, got 3-4 interested so
   far, not enough) if it happens, rfc6973 might help
   this time
   = got mail so far from:
       Scott Brim, Jim Fenton, Rhys Smith, Klass Wierenga
     more welcome
   = maybe include more, e.g. "privdir" review to be
     done when appsawg "adopts" or something?
- consider DNS confid, e.g. QNAMEs in DNS queries
   Bortzmeyer, Koch drafts, discussion with INT and OPS
   ADs ongoing for where to do that work

Regards,
S.
_______________________________________________
perpass mailing list
perpass at ietf.org
https://www.ietf.org/mailman/listinfo/perpass

More information about the Swan mailing list