This article is more than 1 year old

Security? Don't bother until it's needed says RFC

Would 'some protection most of the time' be an improvement?

All-or-nothing approaches to security are part of what's making it so hard to achieve acceptable protection, a new RFC suggests.

Written by Viktor Dukhovni of Two Sigma, RFC 7435 argues that the way current systems fail is a discouragement to good security. A binary failure – if two peers in a conversation don't have the same capabilities, the connection fails – can result in users avoiding encryption, for example, because it's too inconvenient; or administrators switching off because user problems are too frequent.

If it's easy to gracefully upgrade the security available to an end user, rather than the often fatal downgrade when there's an interop or capability mismatch, adoption should increase he argues.

“Security services that work reliably (when not under attack) are more likely to be deployed and enabled by default”, the RFC states.

Hence Dukhovni suggests where suitable (more on “suitable” shortly), the assumption should be reversed: peers assume that their starting point is cleartext, check each others' advertised security capabilities, and incrementally work up to the best security they're both able to support.

“An [opportunistic security] protocol is not falling back from comprehensive protection when that protection is not supported by all peers; rather, [opportunistic security] protocols aim to use the maximum protection that is available”, he writes.

Protocols designed on such a basis would make it easier to use security, and thus encourage its adoption.

“Until now, the protocol designer has viewed protection against both passive and active attacks as the default, and anything short of that as 'degraded security' or a 'fallback'”, he writes.

Explaining why the opportunistic view may be better in the larger context, he writes:

“Failure to encrypt may be more often a symptom of an interoperability problem than an active attack. In such a situation, occasional fallback to cleartext may serve the greater good. Even though some traffic is sent in the clear, the alternative is to ask the administrator or user to manually work-around such interoperability problems.”

Dukhovni notes that opportunistic security protocols must assume that explicit security policies take precedence over the opportunistic protocol.

As with all RFCs, this one will be subject to discussion and may go nowhere, but El Reg will be interested in how readers see it. ®

More about

TIP US OFF

Send us news


Other stories you might like