
RE: Security for various IETF services

2014-04-07 14:51:46
From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Christian Huitema
Sent: Sunday, April 6, 2014 4:30 PM
To: ietf(_at_)ietf(_dot_)org
Subject: RE: Security for various IETF services

I agree with those who've said a threat analysis is needed before
deciding access is limited to TLS or other secure alternative.

But we have that threat analysis, and the recommended mitigation is
precisely "encrypt everything." The "pervasive monitoring" threat is analyzed
by a number of perpass drafts, and Stephen has merely followed the
conclusions of that analysis. There is no need to repeat that analysis for
each and every tool that the IETF produces, and there is indeed a need for the
IETF as a whole to "lead by example."

I've been following this thread with some amusement, as it was clear that when 
the perpass draft took its unusual journey from personal draft submission to 
BCP the fallout would include things like an immediate call for all IETF 
services to be encrypted. At the same time, there are an equally well known 
number of attacks against TCP itself that make TCP the wrong substrate upon 
which to build "secure" communication channels. (Just a couple of well-known 
examples: the ease of session hijacking of established connections and SYN flood 
attacks against well-known servers, both of which lead to denial of service and 
potentially forcing the user to downgrade to an alternative channel for 
obtaining the information).

If the same level of urgency were shown towards a viable, and secure, 
replacement for TCP itself, then the calls for secure-only access to IETF 
services might make sense. Instead, it feels a lot like requiring stronger 
deadbolts on glass doors.

Matthew Kaufman