Minutes IETF109: saag
minutes-109-saag-00

Meeting Minutes Security Area Open Meeting (saag) AG
Title Minutes IETF109: saag
State Active
Other versions plain text
Last updated 2020-12-09

Meeting Minutes
minutes-109-saag

## WG Reports

[mostly already sent via email, and some sessions had yet to occur]
[no noteworthy updates from the IAB Model-T program]

## AD reports

Ben Kaduk - AD-sponsored drafts are in progress, albeit slowly.
draft-gont-numeric-ids-sec-considerations is about ready for IETF LC;
draft-foutil-securitytxt had an IETF LC but needs me to review the outcome.
OPENPGP is in the re-chartering process.
With Jim's passing, ACE has a co-chair vacancy.
Roman Danyliw - and not just for ACE; in general, if you have interest in being
a WG chair, please let us know.  Other highlights: vulnerability disclosure
guidelines for the IETF LLC and the IETF (protocols) in progress; we have a
last-resort alias that goes to Ben and me. I also want to plug our list of
"common DISCUSS topics" I'll also highlight that our "publication requested"
queues are both empty, a good change from recent times.  We tend to operate
first-come-first-served but are happy to reorder on request.

Ira McDonald - Is there a second WG chair for CBOR to replace Jim Schaad.
BK - CBOR is not in SEC area, but believe something is in the works

DKG - On the vulnerability disclosure topic;  I know there is a PGP key
published to send disclosure to, but its not published in common PGP key
servers or in WKD.  Are there plans to do either/both of those.
RD - absolutely coming; doc not yet published, still in GitHub, but that is on
the list of things as the document progresses DKG - if any help is needed,
reach out

RD - Thank you to the secdir reviewers -- they make a big different and we ant
to publicly acknowledge them.
BK - yes, huge thank you.  We tried hard to make this list complete, but if we
missed you it is our mistake.

## MITM/on-path terminology

BK - link to Michael Richardson's thread about what the "man in the middle"
terminology actually means, including his summary.  "On path" also may have
trouble, and there may not even be a single path.  Distinctions between
multiple classes of attack can be useful, and it would be useful to have clear
terminology to talk about them.  [Sets the stage a bit more, but ...] help?

Paul Hoffman - some similar conversations happening in DPRIVE right now;
willing to edit document, but not full decider; would be useful to have within
the next 9-12 months for a few WGs

Jonathan Hoyland - we should look to academia, sure there are some papers on
this; maybe limiting to 3 attacker types isn't sufficient; can get much more
complicated w/ relays
BK - can you or someone look through the literature?
JH - I can look through the literature

Joe Salowey - Is this something that would go along with the model-T work?
BK - right now not that's not clear to us; it's something model-T could or
should be thinking about but we may want something before model-T is done.

Jim Fenton - I'm confused about the problem to be solved: is this a question
of inclusive terminology, or possibly a finer grained definition of what a
MITM attack is?  If it is in terms of inclusive terminology - then there is
also work in the IETF terminology GitHub repo.  I don't know who's managing
that.
BK - the primary problem is that when you say "MITM", not everyone is thinking
the same thing; want everyone to understand the term.  Any inclusivity topics
would be a separate effort.

JH - If we're doing terminology should we be looking at RFC4949 (relayed for
Mohit from Jabber) BK - let's take that to the list, I'm not prepared for that
right now.

Hannes Tschofenig - we ue a lot of terms, I would like them aligned or at
least mappable to academic literature and what is used for formal analysis
BK - yes, that would be good

Paul Hoffman - to answer Jim Fenton - the other reason why it's important to
have good terminology is not only so that we have useable terms, but also so
that people can read our materials and find term definitions; I recently wrote
a paper recently and used MITM and got some interesting responses from
security novices but people who understand the internet.  One is, if there's
something in the middle, that is a machine and it's there all the time, not
necessarily a person; another is, coming from Doh, that the MITM are rarely
really in the middle, they're close to an edge; e.g. security admins putting
in proxies on their users.

Robert Moskowitz - do we need to differentiate between peer wise, multi-user,
broadcast, different communication types.  Is that a factor?
BK - we're just brain storming this, so reasonable to consider
RD - Two other things we heard: we should check things we've published already
in the IETF, and we should check for consistency and not publish something in
conflict.
BK - should this get split off into another mailing list outside of the SAAG
list?  **ADs will check in a few weeks on SAAG**
[The jabber log at https://www.ietf.org/jabber/logs/saag/2020-11-19.html has a
robust discussion of this topic]

## Requirements for Building a PKI

BK - Thanks for this talk.  Lots of good discussion in the jabber, and I think
we may have extracted a promise from Phill to give his sense of the history
here.  The second half of the talk is still useful.

PHB - Many details of the talk were wrong; Netscape didn't have a chain check
because it took a non-trivial # of seconds to connect to a website at the time
(stated vaugely); the crypto we use here is from the 90s, or really even has
its origins in Loren Kohnfelder's thesis from the 70's which was the blueprint
for PKIX.  For some things blockchains may be useful, let's use the right
tools for the topic.

David Schinazi - thanks Ryan for this talk; we should have some more
historical talks at IETF.  I learned a huge amount today.

Fraser Tweedale - Can you briefly talk about the topic of GREASE
Ryan - GREASE is hard because you need the cooperation of the CA as well as
the presenter and recipient of the CA; so you need a 3-party communication
problem; likely easier for something like S/MIME, but for TLS you have
1-cetificate and 1 shot to get it right; so it's risky to accept GREASE
certificates - who might break the world first; what CA will issue a GREASE
certificate.

## Open Mic

Kirsty P - could we use this time to talk about the vulnerability disclosure
policy: in particular timescale for publication?  How to harness
skills/knowledge in IETF to improve it. This is a v1, missing some things -
what will happen when for v2?
RD - this really documents the "as is" in the IETF; it doesn't try to change
anything other than adding an email address;  it doesn't really get IETF to
best practice, there could be a lot more work to be done to get IETF to
best-practice and that would involve consensus building;  IETF should probably
its own dog food, for example about to publish "security.txt" if the  IETF
should publish that.  We also can think about how much we want to reach out to
the implementation community and let them know about updates.
BK - are these evolutions that you (Roman) will be driving
RD - We need a community-based approach.  Something that came out of the
conversation of current work is whether we have a place for that conversation
to occur; I want to drive that consensus and get a mailing list for that
conversation.
Kirsty P - thanks, that sounds like a good plan

Dave Waltermire - I work on CVE outside of IETF as a CVE board member; want
other organizations to become a CVE numbering authority for creating CVE's;
has the IESG considered being a CVE numbering authority, issuing CVE's for
RFCs
RD - that's a good idea, we haven't talked about it, but it's come back as
feeback to the IESG.  What we're doing right now is not so bold as that, but
it's good fodder for IESG being better at vuln mgmt in general
DW - willing to help that if IESG is interested

PHB - blockchain is a hot topic in crypto; but I would urge people to start
looking at the threshold crypto world; next US administration will be looking
at consequences from Snowden, insider threats, etc.; I made a set of training
videos covering how threshold crypto works and will put up slides soo
BK - sounds good, post note to saag when slides are ready.

Chris Lemmons - I would second having CVE's for RFC's;  Where a tool gets made
and defines RFC's that it relies on and then can get notifications of CVE's RD
- Yes, if IESG goes that way, it makes sense to have that machine readable and
distributed for automated consumption CL - it's not simple, but there have
definitely been vuln's in RFCs

DKG - I'm more wary about assigning CVE's to RFC's; more likely to be assigned
to certain sections of an RFC, which may not be implemented in a tool; or
about how a tool is used in the world, or might be between intersection of
different RFCs.  I don't see how we can represent that for machine consumption
CL - this is a common problem w/ CVE's and not unique to RFCs; CVE's on
independent libraries often declare a vuln on a particular usage which might
not apply for everyone; (a) this may not be solveable for this problem and (b)
that might be okay that it isn't solveable, it shouldn't stop us from
producing easily digestable mechanisms.
RD - CVE's can refer to vulns across RFC's; RFC's vary a bit, this is why we
need conversation on the list.
DW - The CVE program is working on CVE v5 which includes a lot more metadata
in the vulnerability record and open to having more robust metadata to work
through these challenges; please work with us on CVE definition and don't
define your own record format; I will post to list
BK - good to have a forum for people to engage with you
RD - does CVE board have other SDO's on board?
DW - no, there is no SDO w/ issuing authority; it goes to entity of last
resort, currently MITRE
Joe Salowey - CVE format current is not perfect now and not entirely
automatible; but its encouraging that its still getting improved; it would be
good if IETF worked to improve that and get CVE better.  What kinds of things
do we want to be able to say, what protocols had problems, why, etc.
BK - looking to Dave W. to post more information on how to engage.
DW - will do
Hannes - OAUTH looked at security incidents related to OAUTH and they were
fairly complicated; first problem is to learn about the incidents at the
necessary level of detail; requires a lot of time to understand how the
vulnerability happened; some incidents took months to analyze, especially if
it involves custom variants of the protocol; who will do this?  this is really
tough.
RD - Yes, this can be really challenging; for people who come to IETF and
finding CVE's related to RFCs; also Hannes is being modest -- OAUTH is the
only WG with a defined vuln handling method in its charter.
BK - yes, its likely that WG's will have to get involved in handling this.
Confidential disclosure may not be a thing.
CL - inevitably there will be disclosures against closed WG's; need to plan
for that occurance too.
Sean Turner - reminds me of errata -- it's hard to get errata fixed against
closed WG's; vuln's will be really hard to deal with; as former chair of WG
wanted to stop getting notices on vulns because had to keep confidentiality,
etc.
DW - we're trying to dispell that all vulnerabilities need a fix; sometimes it
may be okay to publish a vulnerability even though there won't be a fix; maybe
that could be motivation to move to a newer protocol that doesn't have
vulnerabilities.
Hannes - As an example, OAUTH relied on JWT's but many implementations didn't
have policy checks on the JWT's (e.g., having the NULL ciphers); is that an RFC
vulnerability (maybe NULL cipher shouldn't be included); but then IETF needed
to try to reach out to MANY implementators of these systems and that was a
problem; it's a huge ecosystem and the long tail is really hard to solve; but
the fundamental protcol was fine and still in use.
DW - agree, and that's a classic problem in the space; another reason to
publish a CVE is to be able to publish guidelines around compensating controls
and implementation guidance; can generate an awareness campaign.
BK - thanks to Chris Inacio for taking minutes.

### meeting end