Security Threats and Risks for Open Pluggable Edge Services (OPES)
draft-ietf-opes-threats-03

Revision differences

Document history

Date Rev. By Action
2015-10-14
 03 (System) Notify list changed from <mrose+mtr.ietf@dbc.mtview.ca.us>, <hofmann@bell-labs.com> to <mrose+mtr.ietf@dbc.mtview.ca.us>
2004-09-24
 03 Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2004-09-24
 03 Amy Vezza [Note]: 'RFC 3837' added by Amy Vezza
2004-08-31
 03 (System) RFC published
2004-02-09
 03 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2004-02-09
 03 Amy Vezza IESG state changed to Approved-announcement sent
2004-02-09
 03 Amy Vezza IESG has approved the document
2004-02-09
 03 (System) Last call text was added
2004-02-09
 03 (System) Ballot approval text was added
2003-12-12
 03 Ned Freed [Note]: 'Revised version received that addresses security<br>concerns; now good to go' added by Ned Freed
2003-12-12
 03 Ned Freed [Note]: 'Revised version needed to address additional security concerns' added by Ned Freed
2003-12-12
 03 Ned Freed [Note]: 'Revised version received that addresses security concerns; now good to go' added by Ned Freed
2003-12-10
 03 (System) New version available: draft-ietf-opes-threats-03.txt
2003-11-26
 03 Ned Freed State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Ned Freed
2003-11-26
 03 Ned Freed
The problem is the references in the document to doing hop-by-hop
encryption instead of end-to-end.  That's reasonable enough, since opes
can't peek through encryption.  But …
The problem is the references in the document to doing hop-by-hop
encryption instead of end-to-end.  That's reasonable enough, since opes
can't peek through encryption.  But how does the user request such a
thing, or how do you trick the browser into believing it?

A bad way -- a very bad way -- would be to have fake certificates
issued by some CA the browser probably trusts.  It might be possible to
do it -- in some cases -- by (consensually) rewriting the page that
points to the https:// content (assuming, of course, that the user
doesn't get the URL from somewhere else).  This rewriting isn't a great
solution, but it might be acceptable.  Of course, it does carry the
risk of confusing any user who looked at the status bar to see what URL
was next, or who looked at the URL of the nominally-secure page and
found some opes server's name.  Nevertheless, it's a scheme that can be
deployed without changes to browsers.

Ned quite correctly pointed out that this is an analysis document, not
a requirements or protocol document (though it does use SHOULD and MUST
in a few spots -- you may want to change that).  I do think that some
discussion of my concerns is warranted, if only to rule out fake
certificates -- that's a path we MUST NOT (to borrow from 2119) go down.
2003-11-26
 03 Ned Freed [Note]: 'Revised version needed to address additional security concerns' added by Ned Freed
2003-11-23
 03 Ned Freed [Note]: 'Further security area review underway' added by Ned Freed
2003-11-23
 03 Ned Freed Waiting on additional review from Steve Bellovin
2003-11-21
 03 Amy Vezza Removed from agenda for telechat - 2003-11-20 by Amy Vezza
2003-11-20
 03 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza
2003-11-06
 03 Ned Freed State Changes to IESG Evaluation from Publication Requested by Ned Freed
2003-11-06
 03 Ned Freed Intended Status has been changed to Informational from None
2003-11-06
 03 Ned Freed Placed on agenda for telechat - 2003-11-20 by Ned Freed
2003-02-10
 02 (System) New version available: draft-ietf-opes-threats-02.txt
2003-01-27
 01 (System) New version available: draft-ietf-opes-threats-01.txt
2002-12-23
 03 Jacqueline Hargest Shepherding AD has been changed to Freed, Ned from Alvestrand, Harald
2002-12-23
 03 Jacqueline Hargest Draft Added by Hargest, Jacqueline
2002-10-21
 00 (System) New version available: draft-ietf-opes-threats-00.txt