ietf
[Top] [All Lists]

Re: [saag] : Review of: Opportunistic Security -03 preview for comment

2014-08-16 08:13:02
On Sat, Aug 16, 2014 at 04:48:54AM +0000, Viktor Dukhovni wrote:
Except that it is different.  There is no need to make a big "your
security may be degraded" fuss when doing better than expected.
However, when failing to achieve a security goal, and settling for
less, applications have tended to put up all sorts of warnings,
fussy dialogues, ...  And are often unwilling to do less that the
maximum, and simply fail.

The change of perspective is crucial to making progress.  Cleartext
is the baseline, not comprehensive protection.  You don't fall back
from comprehensive protection, when it is does not work out, ...
You do better than the baseline when that is possible, and just
works, without disrupting communication in the absence of an attack.

Yes.  This.  It would be good to have something which states this
explicitly in the introduction of the I-D.  A careful reader can infer
this, but I think it's good to state this explicitly.

Something else that I think would be good to include in the
introduction is as we improve from cleartext to "authenticated,
encrypted, and protected against passive and active active attacks",
that the way station of "protected only against passive attackers" is
a _still_ better than just staying at cleartext.

The second paragraph of the abstract:

   This document promotes designs in which cryptographic protection
   against both passive and active attacks can be rolled out
   incrementally as new systems are deployed, without creating barriers
   to communication.

... seemes to emphasize more the concept of "some of the time" and
doesn't spell out that the rollout might include protection against
passive attacks only as being (a) within the scope of this document,
and (b) desirable if the alternative is cleartext.

This is a design guide (manifesto), not not a protocol specification,
and setting things in the right perspective matters.

Something that might be useful along this front, if we can find an
appropriate reference, is the (possibly apocryphal, or maybe the
authorative source is classified, perhaps out of embarassment?  :-)
story about air force pilots who would deliberately disable their
fancy NSA-provided crypto gear because in a combat situation, when
friendly fire can really ruin your day (or not getting support to
ground forces who were using an incompatible crypto system),
communicating in the clear is far more important than not
communicating at all....

                                                - Ted

<Prev in Thread] Current Thread [Next in Thread>