Opportunistic Security: Some Protection Most of the Time
draft-dukhovni-opportunistic-security-05

The information below is for an old version of the document
Document Type Active Internet-Draft (individual in sec area)
Last updated 2014-11-25 (latest revision 2014-10-27)
Stream IETF
Intended RFC status Informational
Formats plain text pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Doc Shepherd Follow-up Underway
Document shepherd Paul Hoffman
Shepherd write-up Show (last changed 2014-08-25)
IESG IESG state Approved-announcement to be sent::Point Raised - writeup needed
Consensus Boilerplate Yes
Telechat date
Responsible AD Stephen Farrell
Send notices to ietf-dane@dukhovni.org, draft-dukhovni-opportunistic-security@tools.ietf.org, saag@ietf.org
IANA IANA review state IANA OK - No Actions Needed
IANA action state None
Network Working Group                                        V. Dukhovni
Internet-Draft                                                 Two Sigma
Intended status: Informational                          October 27, 2014
Expires: April 30, 2015

        Opportunistic Security: Some Protection Most of the Time
                draft-dukhovni-opportunistic-security-05

Abstract

   This document defines the concept "Opportunistic Security" in the
   context of communications protocols.  Protocol designs based on
   Opportunistic Security use encryption even when authentication is not
   available, and use authentication when possible, thereby removing
   barriers to the widespread use of encryption on the Internet.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 30, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Dukhovni                 Expires April 30, 2015                 [Page 1]
Internet-Draft           Opportunistic Security             October 2014

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Background  . . . . . . . . . . . . . . . . . . . . . . .   2
     1.2.  A New Perspective . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   5
   3.  Opportunistic Security Design Principles  . . . . . . . . . .   5
   4.  Example: Opportunistic TLS in SMTP  . . . . . . . . . . . . .   7
   5.  Operational Considerations  . . . . . . . . . . . . . . . . .   8
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   9
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   9
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  10
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

1.1.  Background

   Historically, Internet security protocols have emphasized
   comprehensive "all or nothing" cryptographic protection against both
   passive and active attacks.  With each peer, such a protocol achieves
   either full protection or else total failure to communicate (hard
   fail).  As a result, operators often disable these security protocols
   when users have difficulty connecting, thereby degrading all
   communications to cleartext transmission.

   Protection against active attacks requires authentication.  The
   ability to authenticate any potential peer on the Internet requires
   an authentication mechanism that encompasses all such peers.  No IETF
   standard for authentication scales as needed and has been deployed
   widely enough to meet this requirement.

   The Public Key Infrastructure (PKI) model employed by browsers to
   authenticate web servers (often called the "Web PKI") imposes cost
   and management burdens that have limited its use.  With so many
   Certification Authorities (CAs), not all of which everyone is willing
   to trust, the communicating parties don't always agree on a mutually
   trusted CA.  Without a mutually trusted CA, authentication fails,
   leading to communications failure in protocols that mandate
   authentication.  These issues are compounded by operational
   difficulties.  For example, a common problem is for site operators to
   forget to perform timely renewal of expiring certificates.  In Web
   PKI interactive applications, security warnings are all too frequent,
   and end-users learn to actively ignore security problems, or site
   administrators decide that the maintenance cost is not worth the
   benefit so they provide a cleartext-only service to their users.

Dukhovni                 Expires April 30, 2015                 [Page 2]
Internet-Draft           Opportunistic Security             October 2014

   The trust-on-first-use (TOFU) authentication approach assumes that an
Show full document text