Usability RE: Write an RFC Was: experiments in the ietf week
What I am trying to get at here is the problem of usability. Security is no use to me to stop Internet crime if everyone either turns it off or is unable to use it. The layered model is a big problem here because the lower layers abstract away the user. There is no user interface, there are no user oriented use cases and as a result the protocols fail to deliver the necessary information to the upper layers to allow the user to make sure that they are safe.

3. Do Not Verify Server Cert and we won't verify yours :)

OK, it is a good idea to turn on confidentiality and integrity. But this is not something that is really going to help solve the evil twin WiFi attack out in the general population. It's a pretty insidious attack as the effects are localized and we can't measure the frequency.

If we are going to do experiments then we should be providing feedback to the relevant parties. Pointing out to the IEEE that WiFi security fails basic principles of security usability - the user does not have sufficient information to distinguish the intended connection from the twin - would be a useful purpose.

Of course, going round pointing out this sort of thing to others would make it incumbent on us to fix the same problems in our protocols.

-Original Message-
From: Patrik Fältström [mailto:[EMAIL PROTECTED]
Sent: Mon 24/03/2008 10:30 PM
To: Hallam-Baker, Phillip
Cc: Russ Housley; IETF Discussion
Subject: Re: Write an RFC Was: experiments in the ietf week

On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote:

I am willing to have a go at it next time round but only if I have some idea what I am expected to have on my machine and what authentication indicata I am to expect. As it stands there is no way for me to evaluate an authentic or inauthentic experience. I don't know what authentic looks like. I have no trust anchor.

This email message sent to me was enough of a trust anchor to use 802.1x. Specifically as the instructions are the same as IETF-70 and previous meetings.

http://www.ietf.org/mail-archive/web/71attendees/current/msg00154.html

Sure, the mail was not signed, but I also asked a friend at the meeting what he used. And as we both had the same instructions, we trusted that. If we wanted to, we could have asked someone actually running the network, but we did not feel we had to.

Patrik

___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Write an RFC Was: experiments in the ietf week
Phillip does have a point regarding 802.1x authentication, which is typically used to authenticate the user to the service, and not vice versa. Conceivably a person could set up an evil access point that advertises the same beacon as the official access points, and has 802.1x enabled to accept the same shared user name and password (which is also well publicized).

One way that could make this much more secure from the user viewpoint would be for every attendee to receive an individual 802.1x user name and password, perhaps printed on the back of their name tag. Presumably an evil access point would not have access to these names and passwords, so users can be sure that they are attaching to an official access point. But as this would create much more work for the NOC and admin staff, I'm not advocating we do that.

Cheers,
Andy

On Mon, Mar 24, 2008 at 10:30 PM, Patrik Fältström [EMAIL PROTECTED] wrote:

On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote:

I am willing to have a go at it next time round but only if I have some idea what I am expected to have on my machine and what authentication indicata I am to expect. As it stands there is no way for me to evaluate an authentic or inauthentic experience. I don't know what authentic looks like. I have no trust anchor.

This email message sent to me was enough of a trust anchor to use 802.1x. Specifically as the instructions are the same as IETF-70 and previous meetings.

http://www.ietf.org/mail-archive/web/71attendees/current/msg00154.html

Sure, the mail was not signed, but I also asked a friend at the meeting what he used. And as we both had the same instructions, we trusted that. If we wanted to, we could have asked someone actually running the network, but we did not feel we had to.

Patrik
RE: Write an RFC Was: experiments in the ietf week
Yes, a security experiment is not so interesting without an attack.

I would like an evil twin access point to be set up with a cert that says 'evil twin' and measure how much traffic goes through it. This is frequently done at BlackHat albeit not necessarily in a manner that complies with human subjects criteria.

It's not much of a security experiment if you only measure whether people can deploy it.

From: Andrew G. Malis [mailto:[EMAIL PROTECTED]
Sent: Tue 25/03/2008 9:05 AM
To: Patrik Fältström
Cc: Hallam-Baker, Phillip; IETF Discussion
Subject: Re: Write an RFC Was: experiments in the ietf week

Phillip does have a point regarding 802.1x authentication, which is typically used to authenticate the user to the service, and not vice versa. Conceivably a person could set up an evil access point that advertises the same beacon as the official access points, and has 802.1x enabled to accept the same shared user name and password (which is also well publicized).

One way that could make this much more secure from the user viewpoint would be for every attendee to receive an individual 802.1x user name and password, perhaps printed on the back of their name tag. Presumably an evil access point would not have access to these names and passwords, so users can be sure that they are attaching to an official access point. But as this would create much more work for the NOC and admin staff, I'm not advocating we do that.

Cheers,
Andy

On Mon, Mar 24, 2008 at 10:30 PM, Patrik Fältström [EMAIL PROTECTED] wrote:

On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote:

I am willing to have a go at it next time round but only if I have some idea what I am expected to have on my machine and what authentication indicata I am to expect. As it stands there is no way for me to evaluate an authentic or inauthentic experience. I don't know what authentic looks like. I have no trust anchor.

This email message sent to me was enough of a trust anchor to use 802.1x. Specifically as the instructions are the same as IETF-70 and previous meetings.

http://www.ietf.org/mail-archive/web/71attendees/current/msg00154.html

Sure, the mail was not signed, but I also asked a friend at the meeting what he used. And as we both had the same instructions, we trusted that. If we wanted to, we could have asked someone actually running the network, but we did not feel we had to.

Patrik
Re: Write an RFC Was: experiments in the ietf week
Phillip, write an Internet Draft prior to the experiment, +1

*IPv6 Next Steps*

The Philadelphia IPv6 outage tested one specific aspect of the transition - is there an IPv6 network on the other side to connect to in due course, is it possible to run a pure IPv6 network? I think that that is one useful data point to test but not the only significant data point. In particular the biggest problem we have is the exhaustion of IPv4 space. The most important network test to make in my view is whether current generation machines work acceptably on an IPv6+NATv4Share connection for typical end user tasks.

I agree, and I think that's been the focus of many folks working in this space. Let's see what we can come up with for Dublin.

By 'acceptably' I mean ZERO-click administration. No configuration tweaks whatsoever. If a product does not run out of the box it has failed.

*Secure WiFi Connection*

I would like to see some demonstration of the fact that the default WiFi configuration on all existing platforms provides zero protection against an 'evil twin' WiFi attack. Using WPA protection has little value unless you have mutual authentication. The current specs don't allow for that.

Is there something missing from ietf.1x ssid support that we've had for years? It uses IETF standards, too...

Jari
Re: Write an RFC Was: experiments in the ietf week
Phillip:

Have you tried the SSID at the IETF meetings that is configured to make use of 802.1x?

Russ

At 01:49 PM 3/24/2008, Hallam-Baker, Phillip wrote:

Secure WiFi Connection

I would like to see some demonstration of the fact that the default WiFi configuration on all existing platforms provides zero protection against an 'evil twin' WiFi attack. Using WPA protection has little value unless you have mutual authentication. The current specs don't allow for that.
RE: Write an RFC Was: experiments in the ietf week
Well I would submit that there is a major problem there on the security usability front.

Don't make me think.

My tolerance for network configuration is vastly greater than the typical user. This has to all just work, just like my Apple Mac did on the home network the day I bought it. Not like my Apple Mac this morning which for some unaccountable reason no longer sees the machines it acknowledged before and gives me precisely zero information to allow me to determine the cause.

From: Jari Arkko [mailto:[EMAIL PROTECTED]

*Secure WiFi Connection*

I would like to see some demonstration of the fact that the default WiFi configuration on all existing platforms provides zero protection against an 'evil twin' WiFi attack. Using WPA protection has little value unless you have mutual authentication. The current specs don't allow for that.

Is there something missing from ietf.1x ssid support that we've had for years? It uses IETF standards, too...

Jari
RE: Write an RFC Was: experiments in the ietf week
I am willing to have a go at it next time round but only if I have some idea what I am expected to have on my machine and what authentication indicata I am to expect. As it stands there is no way for me to evaluate an authentic or inauthentic experience. I don't know what authentic looks like. I have no trust anchor.

-Original Message-
From: Russ Housley [mailto:[EMAIL PROTECTED]
Sent: Mon 24/03/2008 3:22 PM
To: Hallam-Baker, Phillip
Cc: IETF Discussion
Subject: Re: Write an RFC Was: experiments in the ietf week

Phillip:

Have you tried the SSID at the IETF meetings that is configured to make use of 802.1x?

Russ

At 01:49 PM 3/24/2008, Hallam-Baker, Phillip wrote:

Secure WiFi Connection

I would like to see some demonstration of the fact that the default WiFi configuration on all existing platforms provides zero protection against an 'evil twin' WiFi attack. Using WPA protection has little value unless you have mutual authentication. The current specs don't allow for that.
Re: Write an RFC Was: experiments in the ietf week
On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote:

I am willing to have a go at it next time round but only if I have some idea what I am expected to have on my machine and what authentication indicata I am to expect. As it stands there is no way for me to evaluate an authentic or inauthentic experience. I don't know what authentic looks like. I have no trust anchor.

This email message sent to me was enough of a trust anchor to use 802.1x. Specifically as the instructions are the same as IETF-70 and previous meetings.

http://www.ietf.org/mail-archive/web/71attendees/current/msg00154.html

Sure, the mail was not signed, but I also asked a friend at the meeting what he used. And as we both had the same instructions, we trusted that. If we wanted to, we could have asked someone actually running the network, but we did not feel we had to.

Patrik