idnits 2.17.1 draft-vcgtf-crypto-assets-security-considerations-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (June 7, 2018) is 2150 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group H. Nakajima 3 Internet-Draft Mercari, Inc. 4 Intended status: Informational June 7, 2018 5 Expires: December 9, 2018 7 General Security Considerations for Crypto Assets Exchange 8 draft-vcgtf-crypto-assets-security-considerations-00 10 Abstract 12 This document discusses the threat, risk, and controls on the 13 followings; Online system of crypto assets exchange that provides the 14 exchange service to its customer (consumers and trade partners); 15 assets information (including the private key of the crypto assets) 16 that the online system of a crypto assets exchange manages; Social 17 impact that can arise from the discrepancy in the security measures 18 that are implemented in the online system of a crypto assets 19 exchange. 21 This document is applicable to the crypto assets exchanges that 22 manages the private key that corresponds to the crypto assets. It 23 includes the organizations that outsources the key management to 24 another organization. In such a case, the certain recommendations 25 applies to those outsourcers. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at https://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on December 9, 2018. 44 Copyright Notice 46 Copyright (c) 2018 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (https://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 62 2. Scope of this document . . . . . . . . . . . . . . . . . . . 3 63 3. Conventions and Definitions . . . . . . . . . . . . . . . . . 3 64 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 65 5. Basic description of a model online system of a crypto assets 66 exchange . . . . . . . . . . . . . . . . . . . . . . . . . . 3 67 5.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 3 68 5.2. A basic model of online system of a crypto assets 69 exchange and its functional components . . . . . . . . . 3 70 5.3. The flow leading to the sending of the transaction . . . 4 71 5.4. Types of keys that are used for signature and encryption 4 72 5.4.1. Type of keys . . . . . . . . . . . . . . . . . . . . 4 73 5.4.2. A flow for the key generation and the key usage . . . 4 74 5.4.3. On the usage of multiple keys . . . . . . . . . . . . 4 75 5.4.4. On the suspension of keys . . . . . . . . . . . . . . 4 76 5.5. On the characteristics of crypto assets on Blockchain and 77 distributed ledger technologies . . . . . . . . . . . . . 4 78 5.5.1. General . . . . . . . . . . . . . . . . . . . . . . . 4 79 5.5.2. The importance of the private key used for signing . 4 80 5.5.3. Diversity of implementations . . . . . . . . . . . . 4 81 5.5.4. Risk on the unapproved transactions . . . . . . . . . 4 82 6. Basic objectives for the security management of crypto assets 83 exchanges . . . . . . . . . . . . . . . . . . . . . . . . . . 4 84 7. Approaches to basic security controls . . . . . . . . . . . . 4 85 8. Sector specific security management controls for crypto 86 assets exchanges . . . . . . . . . . . . . . . . . . . . . . 5 87 8.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 5 88 8.2. On the direction of the information security management . 5 89 8.3. On the controls for key recovery . . . . . . . . . . . . 5 90 8.4. On the controls against theft and leakage of the private 91 key for signing . . . . . . . . . . . . . . . . . . . . . 5 92 8.5. On the illegal operation of the private key for signing . 5 93 8.6. On the illegal operation against the assets data . . . . 5 94 8.7. On the user authentication . . . . . . . . . . . . . . . 5 95 8.8. On the withdrawal of the coins . . . . . . . . . . . . . 5 96 8.9. On the transfer of the crypto assets to an unused address 5 98 9. Remaining issues . . . . . . . . . . . . . . . . . . . . . . 5 99 10. Security Considerations . . . . . . . . . . . . . . . . . . . 5 100 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 101 12. Normative References . . . . . . . . . . . . . . . . . . . . 5 102 Appendix A. Contributors . . . . . . . . . . . . . . . . . . . . 5 103 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 105 1. Introduction 107 TODO Introduction 109 2. Scope of this document 111 In this document, crypto assets exchange operators which hold a 112 private key of crypto assets. 114 3. Conventions and Definitions 116 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 117 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 118 "OPTIONAL" in this document are to be interpreted as described in BCP 119 14 [RFC2119] [RFC8174] when, and only when, they appear in all 120 capitals, as shown here. 122 4. Terminology 124 o Wallet 126 o Fork of blockchain 128 5. Basic description of a model online system of a crypto assets 129 exchange 131 5.1. General 133 In this clause, a model online system of a crypto assets exchange 134 that is used to explain the concepts and provisions in this document 135 are explained. 137 5.2. A basic model of online system of a crypto assets exchange and its 138 functional components 140 Followings are the basic model of a crypto assets exchange that this 141 document deals with. 143 5.3. The flow leading to the sending of the transaction 145 5.4. Types of keys that are used for signature and encryption 147 5.4.1. Type of keys 149 5.4.2. A flow for the key generation and the key usage 151 5.4.3. On the usage of multiple keys 153 5.4.4. On the suspension of keys 155 5.5. On the characteristics of crypto assets on Blockchain and 156 distributed ledger technologies 158 5.5.1. General 160 5.5.2. The importance of the private key used for signing 162 5.5.3. Diversity of implementations 164 5.5.3.1. On the cryptographic algorithms used by crypto assets 166 5.5.3.2. On the possibility of the forking of the Blockchain 168 5.5.3.3. Rollback by reorganization 170 5.5.3.4. The treatment of the forked crypto assets 172 5.5.4. Risk on the unapproved transactions 174 5.5.4.1. General 176 5.5.4.2. The handling of the unapproved transactions 178 5.5.4.3. Transaction failures caused by the vulnerabilities of the 179 implementation or the specification of the crypto assets 181 6. Basic objectives for the security management of crypto assets 182 exchanges 184 7. Approaches to basic security controls 185 8. Sector specific security management controls for crypto assets 186 exchanges 188 8.1. General 190 8.2. On the direction of the information security management 192 8.3. On the controls for key recovery 194 8.4. On the controls against theft and leakage of the private key for 195 signing 197 8.5. On the illegal operation of the private key for signing 199 8.6. On the illegal operation against the assets data 201 8.7. On the user authentication 203 8.8. On the withdrawal of the coins 205 8.9. On the transfer of the crypto assets to an unused address 207 9. Remaining issues 209 10. Security Considerations 211 TODO Security 213 11. IANA Considerations 215 This document has no IANA actions. 217 12. Normative References 219 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 220 Requirement Levels", BCP 14, RFC 2119, 221 DOI 10.17487/RFC2119, March 1997, 222 . 224 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 225 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 226 May 2017, . 228 Appendix A. Contributors 229 Author's Address 231 Hirotaka Nakajima 232 Mercari, Inc. 234 Email: hiro@awa.sfc.keio.ac.jp