Re: [arch-d] [Model-t] Possible new IAB program on Internet trust model evolution

Toerless Eckert <tte@cs.fau.de> Wed, 29 January 2020 19:14 UTC

Date: Wed, 29 Jan 2020 20:14:28 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Jari Arkko <jari.arkko@piuha.net>
Cc: model-t@iab.org, architecture-discuss@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/jjuRkKTfOolWQimzL3lpiehWvtM>

Thanks, Jari

Now I read from the text you a) want more security not less, but
that you b) do not want to expand the scope outside the Internet
threat model, which I read from BCP72 section 3/3.1 as being about
secure point to point transport connections (*), maybe with secure
discovery/naming of the peer, but not including any multi-hop transitive
security of distributed applications such as web-proxies. Right?
Section 3.1 doesn't really shine on defining a clear model to
scope the Internet threat model.

How about the transitive security of systems like DNS or BGP? And
if that's in scope, then why not web proxies or other distributed
applications? (There are feasible answers, but those answers
would have to be part of a BCP72bis better explanation of the
threat model, and if the answers are as I think, then so too would
be security considerations of SDN controllers).

I think the charter scope you would like to see would be easier
explained by providing also two examples: something in-scope and
missing in BCP72, and an example that just barely is outside the
scope of your intended charter.

Cheers
    Toerless


On Wed, Jan 29, 2020 at 06:59:39PM +0100, Jari Arkko wrote:
> It occurs to me that Stephen and I made some assumptions that were not made explicit, and this has led to some of the questions we've received. Perhaps it would be useful to be more explicit. In particular, we really want to extend the threat model, not take away anything that already exists, or start to reconsider the hugely important role of comsec.
> 
> Maybe this change would better describe the scope:
> 
> OLD:
> 
> The model-t program provides an open venue for analysis of the
> Internet threat model and has as a goal to produce a potential update
> to BCP72 that defines an Internet threat model that better matches
> today's reality.
> 
> NEW:
> 
> The model-t program provides an open venue for analysis of the
> Internet threat model and has as a goal to produce a potential update
> to BCP72 that defines an Internet threat model that better matches
> today's reality. Specifically, the intent is to document why an update is
> needed and provide a suggested update that could be considered by the
> IETF. A potential BCP72 update would likely extend the set of threats
> considered. Reducing the protection offered by current comsec
> mechanisms is a non-goal. Similarly, re-consideration of the parts
> of BCP72 that are outside the very narrow part on Internet threat
> model is not in scope.
> 
> Jari

-- 
---
tte@cs.fau.de