Presentation is loading. Please wait.

Presentation is loading. Please wait.

The need for better security considerations guidance

Published byIris Sparks Modified over 5 years ago

Similar presentations

Presentation on theme: "The need for better security considerations guidance"— Presentation transcript:

1 The need for better security considerations guidance
Dan Romascanu (with Contributions from Andy Bierman and Pasi Eronen) IETF meeting Montreal, July 2006

2 Scope Need for more clear and detailed guidelines for security sections in protocol documents Discussed at the IESG retreat in May What is the range of applicability of BCP 61 (RFC 3365)? What's wrong with BCP 72 (RFC 3552)? Some ideas for improvement

3 Is anything wrong? About 35% of the DISCUSSes in the IESG documents review are security-oriented based on Bill Fenner’s statistics and direct observation of the IESG meetings many of them seem to be pretty fundamental, reflecting a gap between the level of understanding of the security requirements between protocol designers and security experts They come very late in the process, especially if security reviews were not performed in the document prior the discussion in the IESG Lack of consensus and consistency among security advisors Especially when it comes to applying the latest standards which may be work-in-progress RESULT Frustrating last-minute delays in getting protocol documents approved Lack of determinism in assessing how far a document is from completion Perception that security is ‘black magic’ – cannot be solved in a rational manner, better try to finesse Eventually – either ‘secure and late’ or ‘non-secure’ documents, and a lot of frustration and incertitude

4 What is the range of applicability of BCP 61 (RFC 3365)?
RFC Strong Security Requirements for Internet Engineering Task Force Standard Protocols The principal problem is that RFC 3365 is too ‘high level’ E.g. – I do not know what to do with: Yet we often require cryptographic technology to implement authentication and integrity of protocol messages. So if the question is "MUST we implement confidentiality?" the answer will be "depends". However if the question is "MUST we make use of cryptographic technology?" the answer is "likely". It really needs some implementation notes Including some sort of table to help a WG figure out which security feature requirements match which protocols to use

5 What's wrong with BCP 72 (RFC 3552)?
RFC Guidelines for Writing RFC Text on Security Considerations Timeliness A large number of references are obsoleted and updated RFC2402 obsoleted by 4302, 4305 RFC2535 is obsoleted by RFC4033, RFC4034, RFC4035, Updated by RFC2931, RFC3007, RFC3008, RFC3090, RFC3226, RFC3445, RFC3597, RFC3655, RFC3658, RFC3755, RFC3757, RFC3845  2406 is Obsoleted by RFC4303, etc., etc. (not to speak about work-in-progress – e.g and 4366 was referred in security reviews months before publication) over-emphasizes communications security. While the "Internet threat model" (bad guys in the network between two-or-more honest parties) in Section 3 is of course very traditional for cryptographic protocols (like IPsec and TLS), it maybe outright misleading for most IETF protocols. example: in RFC 4072 (Diameter EAP Application) security considerations section, the communication security threats are dealt with a single paragraph. The rest of the five _pages_ deals with threats arising from authenticated Diameter peers. Section 5 - Writing Security Considerations Sections is extremely ‘thin’ It is already thin wrt. Sections 3 (Internet Threat model) and Section 4 (common issues – actually requirements) and does not help a document author understand what is expected Not everything fits into a Security Considerations section Security needs to be embedded in the design of the protocol Extended security sections or separate documents (e.g. RFC 4261)

6 Some ideas for improvement
Update RFC 3552 Create a ‘living’ Web version that can be updated permanently to reflect later security documents Try to catch things earlier Enforce mandatory security reviews prior to the IESG review for any new protocol document early review process Increase the level of determinism by better documenting the security requirements A guidelines document about how to perform security reviews which could be used by the document authors to understand what they would expect Crafted on the example of what RFC 4181 is for MIB reviewers and MIB documents authors Adapt security requirements to the scope of the protocol Routing, signaling, provisioning, monitoring – each have different needs Better educational materials Revise EDU security material so that much more information is provided about when and how does strong security apply? ‘how to design security into protocols’? - today’s ‘Security Considerations Considerations’ section does not even mention RFC 3552!

Download ppt "The need for better security considerations guidance"

Similar presentations

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
Timeliness, Effectiveness, Quality and the IETF Aaron Falk

Timeliness, Effectiveness, Quality and the IETF Aaron Falk
Status of L3 PPVPN Working Group Documents Ross Callon Ron Bonica Rick Wilder.

Status of L3 PPVPN Working Group Documents Ross Callon Ron Bonica Rick Wilder.
Multicasting Applications Across Inter-Domain Peering Points Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram.

Multicasting Applications Across Inter-Domain Peering Points Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Network Management Complexities Dan Romascanu (Contributed in discussions by Andy Bierman, David Harrington, Juergen Schoenwealder) IESG Retreat Boston,

Network Management Complexities Dan Romascanu (Contributed in discussions by Andy Bierman, David Harrington, Juergen Schoenwealder) IESG Retreat Boston,
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
March 7, 2005MOBIKE WG, IETF 621 Mobility Protocol Options for IKEv2 (MOPO-IKE) Pasi Eronen.

March 7, 2005MOBIKE WG, IETF 621 Mobility Protocol Options for IKEv2 (MOPO-IKE) Pasi Eronen.
Assessment on the implementation of the Mediterranean Strategy for Sustainable Development 2005 - 2010 Dr Nicola Cantore Overseas Development Institute,

Assessment on the implementation of the Mediterranean Strategy for Sustainable Development Dr Nicola Cantore Overseas Development Institute,
DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.

DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.
Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.
Dime WG Status Update IETF#80, 1-April-2011. Agenda overview Agenda bashing WG status update Active drafts Recently expired IESG processing Current milestones.

Dime WG Status Update IETF#80, 1-April Agenda overview Agenda bashing WG status update Active drafts Recently expired IESG processing Current milestones.
Disman – IETF 56 Alarm MIB Sharon Chisholm Dan Romascanu

Disman – IETF 56 Alarm MIB Sharon Chisholm Dan Romascanu
3777 drp 1 Arbiter Report: RFC 3777 Dispute Resolution Jan. 2008 Scott Bradner 12 March 2008.

3777 drp 1 Arbiter Report: RFC 3777 Dispute Resolution Jan Scott Bradner 12 March 2008.
Page 1 IETF Speermint Working Group Speermint Requirements/Guidelines for SIP session peering draft-ietf-speermint-requirements-02 IETF 69 - Monday July.

Page 1 IETF Speermint Working Group Speermint Requirements/Guidelines for SIP session peering draft-ietf-speermint-requirements-02 IETF 69 - Monday July.
Management Considerations Sharon Chisholm

Management Considerations Sharon Chisholm
Mobile IPv6 with IKEv2 and revised IPsec architecture IETF 61

Mobile IPv6 with IKEv2 and revised IPsec architecture IETF 61
1 MPLS Architectural Considerations for a Transport Profile ITU-T - IETF Joint Working Team Dave Ward, Malcolm Betts, ed. April 16, 2008.

1 MPLS Architectural Considerations for a Transport Profile ITU-T - IETF Joint Working Team Dave Ward, Malcolm Betts, ed. April 16, 2008.
Softwire Security Requirement Update draft-ietf-softwire-security-requirements-02.txt IETF Meeting, Prague March 19, 2007 Shu Yamamoto Carl Williams Florent.

Softwire Security Requirement Update draft-ietf-softwire-security-requirements-02.txt IETF Meeting, Prague March 19, 2007 Shu Yamamoto Carl Williams Florent.
Design Guidelines Thursday July 26, 2007 Bernard Aboba IETF 69 Chicago, IL.

Design Guidelines Thursday July 26, 2007 Bernard Aboba IETF 69 Chicago, IL.

Similar presentations

Ads by Google