[LACNIC/Seguridad] Theo De Raadt sobre IETF e Identificadores Numericos Predecibles (Fwd: Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice)

[Fernando Gont]

Si en el día de hoy solo pueden leer un mail, lean este de abajo.

P.S.: NO creo que haga falta explicar a que se dedica Theo...

Saludos,
Fernando




-------- Forwarded Message --------
Subject: Re: [Last-Call] Last Call: 
<draft-gont-numeric-ids-sec-considerations-06.txt> (Security 
Considerations for Transient Numeric Identifiers Employed in Network 
Protocols) to Best Current Practice
Date: Thu, 17 Dec 2020 01:15:13 -0700
From: Theo de Raadt <deraadt en openbsd.org>
To: Fernando Gont <fgont en si6networks.com>
CC: Christian Huitema <huitema en huitema.net>, Joe Touch 
<touch en strayalpha.com>, Eric Rescorla <ekr en rtfm.com>, 
last-call en ietf.org, draft-gont-numeric-ids-sec-considerations en ietf.org

Fernando,

Thanks for bringing this discussion to my attention.

This conversation makes me sad and frightened of the future.

I have been involved in teams since 1989 who attempted to crush
attackable numeric identifiers in all layers of software.  It started
with RPC XIDs, DNS IDs, TCP IDs, PIDs, UDP/TCP port numbers, pid
numbers, NTP timestamps, it just went on and on.  Sadly hundreds of
line-items in standards by IETF, ANSI, and POSIX contain no guidance on
numeric identifier selection, and for decades developers chose the
simplest solutions which generally satisfied the primarly property
("temporal uniqueness"), but failed to consider other desireable
properties (leading to guessability, replay, etc).

Users on the Internet have encountered thousands of attackpoints which
could have been twarted (or been made more difficult) with a bit of
careful consideration.

One path towards solving that problem is introducing crypto layers,
which introduces it's own weight.

Full crypto is not the only path.

Eventually, observance of all the problems converged on the need for
strong random numbers in every Unix subsystem (kernel, libraries,
applications).  So our team eventually introduced strong random numbers
into OpenBSD, and inserted utilization of these numbres into every nook
and cranny.  (Random numbers also showed up in a few other operating
systems but they did not use them in every nook and crany).  We made
per-protocol decisions to retrofit random numbers into each problematic
identifier.  We engaged experts where needed, we performed multi-year
interop tests.  It took a decade to make safe IDs the default.  Then it
took another decade each change to be accepted as safe and correct, and
land in Linux and other systems.

So here we are today -- many legacy layers (such as TCP, DNS, NTP, etc)
use safer numeric identifiers in a majority of implementations, but
often the standards documents have not been updated to state so.

I believe this BCP is being written because it is largely impossible to
update guidance in older documents, and I suspect on a daily basis we'll
see new documents being written which ignore this guidance.

At this point I need to mention two of the authors of this draft were
been involved in two seperate OpenBSD efforts, 20+ years ago, for DNS
IDs, and later for TCP IDs related to RST and ICMP.  In each case,
OpenBSD acted as an incubator for their ideas.

BUT WHAT I'M READING IN THIS THREAD ATTEMPTS TO COUNTER NEARLY A
GENERATION OF DEVELOPED WISDOM.

How did a few of you becomes so full of yourselves?

You suggest NO GUIDANCE is needed.

You suggest the guidance is HARMFUL (to your drafts, and to the whole
ecosustem).

In the last 20 years we learned a catagory of simple rules which could
have prevented SIGNIFICANT HARM, but it is written nowhere.

The BCP says a protocol identifiers must be checked for safety, but if
they are safe, the job is done.  The BCP provides a checklist against
past problems and details a set of choices good.  This is such a simple 
task,
where is the outrage coming from?

Those rules should be in an IETF document, to ensure that protocol 
developers
are aware of the guidance.

This process of trying to block the dissemination of guidance to future
protocol developers shocks me.

It makes the IETF teamwork look like a circus.

I believe some of you have an invisible agenda, and your claims for why
this draft is problematic is fake.

I recommend you stop behaving like children.

Please start acting like adults that want a better world, a safer world,
a world where every simple safety measure is considered.

I'd like to close with my theory about what underlies the bogus
criticism that is being provided:

I believe there are people amongst us who recognize that most
recommendations in this BCP collapse to requiring strong random number
generation in all relevant compute environments, and the crypto wars
have begun again and pervasive random numbers are a thread to such people.

As someone who went through the last crypto war, I really hope this BCP
goes through because it will make random numbers generators pervasive.