On 4/25/17 18:29, Eric Rescorla wrote:


On Tue, Apr 25, 2017 at 3:51 PM, Adam Roach <[email protected]> wrote:



            - Section 5 also suggests keys be encrypted or obfuscated on the device that is to use them, presumably in a way that can be decrypted or unobfuscated using information also on the device. I don't know what the current security area thinking around this is, but given that the information needed to retrieve plaintext keys is necessarily present on the device, this seems like a fig-leaf that provides an illusion of security without providing any real benefit. That mis-impression seems potentially harmful.

        I only added this at the behest of one of the other reviews. The problem with security is that there are conflicting opinions, and as the adage goes “everybody’s got one.” I’ll defer to the Security ADs.


    Right; that's what I meant by "I don't know what the current security area thinking around this is." I'd be curious to have EKR or Kathleen weigh in.


What I took home here was that you would encrypt them and display the encrypted
version instead of showing asterisks. Is that not what the thinking was?

By my reading, this is just talking about encrypting "on the disk" storage on the device. Any processes involved in provisioning the values or using them to process traffic would have access to the plaintext, presumably by reading the encrypted form off disk, reading some keying material off disk, and combining them to retrieve the plaintext key.

My concern is: if these processes can extract the plaintext key from information stored on the disk, then so can other processes on the same device. Encryption in this case seems to provide the mere illusion of security -- akin to installing a deadbolt keyhole on a door that has no actual bolt attached.

/a
_______________________________________________
rtgwg mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/rtgwg
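The recovery path Adam describes (read the encrypted form, read the keying material off the same disk, combine them) as an added, constructed example; this is not code from the draft or from anyone on the thread. The on-device storage is simulated with a dict, the file names `kek.bin` and `keys.enc` are assumptions, and the toy HMAC-counter cipher only stands in for whatever real algorithm such a device would use.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # HMAC-SHA256 output size, also used as the KEK length here


def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), for illustration only;
    a real device would use an AEAD such as AES-GCM."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(kek: bytes, plaintext_key: bytes) -> bytes:
    """'Encrypt on the device': returns nonce || ciphertext."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(kek, nonce, len(plaintext_key))
    return nonce + bytes(a ^ b for a, b in zip(plaintext_key, ks))


def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


def provision(storage: dict, key: bytes) -> None:
    """Simulated on-device storage (a dict standing in for files on disk).
    The scheme under discussion puts BOTH the wrapped key and the key
    needed to unwrap it on the same device."""
    kek = secrets.token_bytes(BLOCK)
    storage["kek.bin"] = kek          # assumed file name
    storage["keys.enc"] = wrap(kek, key)  # assumed file name


def recover(storage: dict) -> bytes:
    """Read the encrypted form, read the keying material, combine.
    Nothing in this function distinguishes the provisioning or protocol
    daemon from any other process with read access to the same storage;
    file permissions, or a KEK held outside readable storage (e.g. a TPM),
    are what would change that picture."""
    return unwrap(storage["kek.bin"], storage["keys.enc"])


if __name__ == "__main__":
    disk = {}
    provision(disk, b"constructed-example-routing-key")
    print(recover(disk))  # every reader of `disk` gets the same plaintext
```

The blob on its own is opaque (unwrapping with the wrong KEK yields noise), which is the only property the scheme actually delivers: it helps when `keys.enc` leaks without `kek.bin`, not against anything that can read the device's storage.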