Re: [arch-d] [Model-t] Possible new IAB program on Internet trust model evolution

Jari Arkko <jari.arkko@piuha.net> Wed, 29 January 2020 17:59 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13BDA1208C9 for <architecture-discuss@ietfa.amsl.com>; Wed, 29 Jan 2020 09:59:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GMKSkflp8DRu for <architecture-discuss@ietfa.amsl.com>; Wed, 29 Jan 2020 09:59:43 -0800 (PST)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id 877A0120837 for <architecture-discuss@ietf.org>; Wed, 29 Jan 2020 09:59:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id D34DB6601DF; Wed, 29 Jan 2020 19:59:42 +0200 (EET)
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c17HkwnHBIeu; Wed, 29 Jan 2020 19:59:40 +0200 (EET)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:1829::130]) by p130.piuha.net (Postfix) with ESMTPS id 6667E660135; Wed, 29 Jan 2020 19:59:40 +0200 (EET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <16390A67-B502-4278-B93E-2642025F356D@cisco.com>
Date: Wed, 29 Jan 2020 18:59:39 +0100
Cc: architecture-discuss@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <385267B3-5524-44A1-825B-EC5AD22EE8E0@piuha.net>
References: <E2D709DC-DD01-4946-B2F1-7EE0E101DEF0@piuha.net> <dff1c31e-44d4-6045-aaeb-03ac1e855200@gmail.com> <CABcZeBOYsP+SBNdLqc-wmyJAs1A+hvWbKud_XfvDgi9zJVMD+w@mail.gmail.com> <CA+9kkMDFm7nboqQY2OjNvmcWxs_30d_5NtBv8Nd1eLBnWKBaBw@mail.gmail.com> <6a1a019b-8666-269c-56ca-ebae4b69e9e8@huitema.net> <C7FDAD8F-D66A-4618-9F87-B1BB9CEA191B@cisco.com> <CABcZeBPKFEEDqQEGXZAD87n5cCsA75+uMGp-brq0JXBoW91LjQ@mail.gmail.com> <96A32815-C313-4C08-90FF-DDAFAD591287@cisco.com> <CACsn0ck9PDAOhZrbBZ7e4UVU7eNiSgrfVO7JL9zaYaX3if2WVw@mail.gmail.com> <DCE750AF-6439-4961-A4DA-ED855807F68E@cisco.com> <CAOW+2dvf6hhcCimis8Q0RUCtY_-ZkaoC6p6t-HpOj5K6Q6O08w@mail.gmail.com> <16390A67-B502-4278-B93E-2642025F356D@cisco.com>
To: model-t@iab.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/kpcFfpW5jz7VGEVmM2uyjNZ5jFg>
Subject: Re: [arch-d] [Model-t] Possible new IAB program on Internet trust model evolution
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2020 17:59:47 -0000

It occurs to me that Stephen and I made some assumptions that were not made explicit, and this has lead to some of the questions we’ve received. Perhaps it would be useful to be more explicit. In particular, we really want to extend the threat model, not take away anything that already exists, or start to reconsider the hugely important role of comsec. 

Maybe this change would better describe the scope:

OLD:

The model-t program provides an open venue for analysis of the
Internet threat model and has as a goal to produce a potential update
to BCP72 that defines an Internet threat model that better matches
today's reality.

NEW:

The model-t program provides an open venue for analysis of the
Internet threat model and has as a goal to produce a potential update
to BCP72 that defines an Internet threat model that better matches
today's reality. Specifically, the intent is to document why an update is
needed and provide a suggested update that could be considered by the
IETF. A potential BCP72 update would likely extend the set of threats
considered. Reducing the protection offered by current comsec
mechanisms is a non-goal. Similarly, re-consideration of the parts
of BCP72 that are outside the very narrow part on Internet threat
model is not in scope.

Jari