Re: [arch-d] [Model-t] Possible new IAB program on Internet trust model evolution

Eliot Lear <lear@cisco.com> Sat, 25 January 2020 17:58 UTC

Cc: Ted Hardie <ted.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>, architecture-discuss@ietf.org, model-t@iab.org
To: Christian Huitema <huitema@huitema.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/xKscoF7P7p3ilGqBT20MQb0VP0s>


> On 25 Jan 2020, at 02:56, Christian Huitema <huitema@huitema.net> wrote:
> 
> 
> Phrasing that as "don't trust the endpoints" is probably inappropriate.
> 

Why? They are the source of just about all compromise attacks.

> My personal worry is the cascading impact of end-point compromise. Take the example of a large network. Large network means multiple routers. If the multiple is high enough, we have strong risks that one of those will be compromised at some point. If we merely "trust the endpoints", then a single compromise of one of the endpoints means the game is over. But it does not have to be so. In an ideal world, implementations of the routing protocol should be able to detect aberrant behavior and isolate the compromised node. In practice, that's really hard.
>

We sell product that does this today. But it is hard, which is why people pay us. Of course, it gets harder with encryption, but we even have product for that. I prefer the other approach: tell us what good behavior looks like (manufacturer usage descriptions).

> But there are still general principles like "least amount of privilege" or "need to know basis" that could help.
> 
Indeed.

> I would really like that protocol designers think about that too, instead of merely asserting trust in the endpoints.
> 

How much is this the protocol and how much is the application?  The protocols most apps are using today are, ermmm, HTTP.

Eliot