Re: [arch-d] Possible new IAB program on Internet trust model evolution

Brian E Carpenter <> Fri, 24 January 2020 19:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 025C212011E for <>; Fri, 24 Jan 2020 11:46:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6a5P2bMU_wtu for <>; Fri, 24 Jan 2020 11:46:52 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 53EE9120858 for <>; Fri, 24 Jan 2020 11:46:52 -0800 (PST)
Received: by with SMTP id s64so1636026pgb.9 for <>; Fri, 24 Jan 2020 11:46:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=Az2Kkbjs2kzUtVWge3eLMIk1jN0NnpaYkKw/6D/hvAE=; b=epazG/oqJLxe5Zes4PBGz/QqxgulCiU17ConJMS3r5f/8E+q4ctzBchEqcC+5x3uU5 Kx6nguBKB+tWSmN6mkTsBzBVPINDgYz7emHsPQqsJY96Qsm1qIIVboUbU6kjBK3BwJLE IeVEVYCRN4OZPzOXlhm8qf13d6O3ccIRLnEatGRgcvFf+eddRCbxG/LyhkEJrlXZiu8f 9NHOKkQLkWMTGw4jXJM40uviKHo9ah3+u1KutCcEarr0eUVqsfZKH89CqvqvaLtrJedL WLG45+a7XX9/iTOnO5gcc96YnKL55TjXbN3TbMuwEiMju+Y3XaQ36nySJJfHJEUy1O0h ojMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=Az2Kkbjs2kzUtVWge3eLMIk1jN0NnpaYkKw/6D/hvAE=; b=SXdGAbByOMlWFFOxJOuD7Mdfivl6fTETLMzl8OfYNtAilM0uUhz0PPOUGkGm26OGPG nr0xp3VMBp60EzFvHE4DpIRMvtic4oF2/l4b5FQ2FGV0NqKz7IXd/xkLZI1HQXPQgxDM qbZZ97NTCYS33mKWuLcuxuKl+3wkzxBd7tvmNoyoO9CWjfm/Zfckdt2WyJqg2aw92Oxa x9U853SiNpy0V6C4AVFXn65RGb3jukqui+1fBD9iflglzd8ihQr8AqPx76eJHBb5H0/K 3A1vlc9gCuyhqzVkn5IH8nnADtht+p9cyxH1CbF6SLxJ864v5yTK7IMGXnUe0Bc3SrTd 5jTw==
X-Gm-Message-State: APjAAAW6XGVkayrC94GGs+qioK+v7mJIQXEtQkTqHhuDaRs1hBnfV7LC rTYu1qyh96aMqULhiqBJYEhK1q/J
X-Google-Smtp-Source: APXvYqzy7HU6gQc6/gBl4/JL/F9NWhA/w2Vf+gMptDEgYWnQ6YaKeYuMF2vz8R1t3ItrtA0xkWlb5A==
X-Received: by 2002:a65:4c82:: with SMTP id m2mr5656645pgt.432.1579895211390; Fri, 24 Jan 2020 11:46:51 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id 136sm7343202pgg.74.2020. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 24 Jan 2020 11:46:50 -0800 (PST)
To: Jari Arkko <>,,
References: <>
From: Brian E Carpenter <>
Organization: University of Auckland
Message-ID: <>
Date: Sat, 25 Jan 2020 08:46:46 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [arch-d] Possible new IAB program on Internet trust model evolution
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 24 Jan 2020 19:46:55 -0000


I'm confused. What we have in RFC3552 is very intentionally guidance for
RFC writers on what they need to cover in their RFCs. Its specific purpose
was to get rid of "Security considerations are not discussed in this memo." 
Its purpose was not primarily to define an abstraction like a "trust model"
or a "threat model" (the draft charter seems a bit vague about which of those
it means).

I really do not want to see the pragmatic purpose of RFC3552 lost in the
effort to define these abstractions. I don't think that is the intention,
but the text seems to imply that RFC3552 was mainly a description of a
generic threat model, which it wasn't.

I am not against an IAB effort to analyse how the threat and trust models
(plural) have evolved since the security workshop [RFC2316] that ultimately
led to RFC3552. That seems like a good idea. An update of "Guidelines for
Writing RFC Text on Security Considerations" also seems like a good idea.
But the draft charter text seems to conflate these two separate lines of

Incidentally, while writing the above it occurred to me why the phrase
"IAB program" has always slightly disturbed me. Really the proposal is
a virtual IAB workshop (whereas RFC2316 came from three days in a room
together in Murray Hill, NJ). A good idea, but not a program.


On 25-Jan-20 00:49, Jari Arkko wrote:
> The IAB are considering starting up a programme on Internet
> trust model evolution as described in the link at the bottom of this
> email.
> We'd like to get feedback on that idea and the text. As you may
> be aware, in 2019 a number of documents were published on
> this topic and discussions held (on the mailing list, SAAG, side
> meeting at IETF-106, workshops, etc). There’s also a virtual
> meeting coming up on February 14th.
> To be clear, any output from this program would be text offered 
> to the IETF for consideration - it is not within the IAB's remit, nor 
> that of an IAB program, to modify a BCP. Nonetheless, an IAB 
> program offers a good venue for this work, as it perhaps allows 
> for more focus on the evolving architecture aspect within this space.
> The plan is for the new program to be entirely open for participation,
> similar to how the current work has already been. That is, the mailing
> list is open for all interested to join, meetings are open and listed
> in the public agendas. The IAB will find a chair or chairs for the
> group to stay organised.
> There's no specific deadline for this, but the IAB will consider this
> further in the next few weeks, so if you could take a few minutes 
> to share your thoughts on this that'd be great.
> Stephen & Jari
> _______________________________________________
> Architecture-discuss mailing list