[cryptography] CICM Scope

Novikov, Lev lnovikov at mitre.org
Mon Aug 15 17:19:56 EDT 2011


(Cross-posted on the Cryptography mailing list at randombit.net)

I've been doing a bit of reading based on the comments we've received.

The results of the BOF at IETF 81 suggested we should broaden our
scope and discuss the impact of the CICM Model, particularly Security
Domain Separation, on (2 or more) existing IETF protocols.

Here are the suggestions we've heard to-date (in no particular order):
  * IPsec (suggested by almost everyone)
  * TLS (via Paul Hoffman, David McGrew)
  * AEAD (in RFC 5116; via David McGrew)
  * VPN establishment crypto protocols (via Alfonso De Gregorio)
  * Domain Security Services (as in RFC 3183; via Alfonso De Gregorio)

** Alfonso:
  Can you elaborate on which protocols you had in mind regarding VPN?

It seems clear that, at the very least, we should look at IPsec.

Perhaps first, however, we should put together a crisper version of
draft-lanz-cicm-lm "CICM Logical Model" which we can then use as the
basis for analysis to address questions like: (via David McGrew)

  * What benefit does the CICM model provide in cases where there
    isn't a strict separation between security domains?

  * How can the CICM model operate if only one of the communicating
    parties uses the model?

  * What is the impact of having queues between plaintext and
    ciphertext on:
    - latency
    - jitter
    - retransmission timers
    - TCP startup time
    - bufferbloat

  * What is the impact of not providing return codes to a secure-side
    application sending a packet? What about "no route to host" and 
    MTUs?

  * Regarding applying the CICM model to IPsec:
    - How would it map onto the IPsec Security Association Database?
    - Where do the different parts of the IPsec architecture reside?
    - How is information that needs to cross domains (e.g., TOS byte)
      handled?
    - How is ICMP handled?

At a higher level, we could also address questions such as:

  * How can we further push responsibility for performing cryptography
    correctly into the crypto (e.g., being responsible for
    initialization vectors)? (via David McGrew)

  * How can we improve integrity guarantees between security domains
    or among system-level components? (via Alfonso De Gregorio)

  * How can we improve the practice of transmitting and storing data 
    at mixed levels of sensitivity? (via Joe Mitola)

Other ideas / questions?

Are there other people / WGs we should get involved?

Lev



More information about the cryptography mailing list