Re: [arch-d] Possible new IAB program on Internet trust model evolution

Guntur Wiseno Putra <gsenopu@gmail.com> Sat, 01 February 2020 05:07 UTC

Return-Path: <gsenopu@gmail.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0F0012001A for <architecture-discuss@ietfa.amsl.com>; Fri, 31 Jan 2020 21:07:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z1nUn7B-82Bl for <architecture-discuss@ietfa.amsl.com>; Fri, 31 Jan 2020 21:07:06 -0800 (PST)
Received: from mail-oi1-x234.google.com (mail-oi1-x234.google.com [IPv6:2607:f8b0:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 508DB120048 for <architecture-discuss@ietf.org>; Fri, 31 Jan 2020 21:07:06 -0800 (PST)
Received: by mail-oi1-x234.google.com with SMTP id q81so9574097oig.0 for <architecture-discuss@ietf.org>; Fri, 31 Jan 2020 21:07:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Sch8ub/dQod7KZ8ggFeUL9LyHaCtvPwqU/NqziGECJ0=; b=HvVkxhOlpZRUR4kti/t2m64zvSZY9p5SPresuXOSi5ZSzWol+hblrykAdRK2xNVQAu zETbvZiQIl6LxOBt+1AjtXR6VS5JGyKOFRXXVxFb5RyeMWA8/0b9q+dqMUbPgLYZRhAT doRiW5/PW1cxE2U5wDiKXFJW47TybArfmh+eRzNdtTWoFTxBVoOc0ErB6ONkNneufwiD oaWmTmrhFtHMG9nhrHB9X9FjlnbVOlDU/so7jKlg5PURxlOn3y8YhYk+wPt0kCRt/BIF y3O1ipJtMDgjimAdaL6PvHSHbK7RTuLXfblT2Xmi4vsSZUY3QUMDBl6JeEHTIXCdbwPi a+HA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Sch8ub/dQod7KZ8ggFeUL9LyHaCtvPwqU/NqziGECJ0=; b=ZmP8klKBFZoAAieGwAKkt1dHf4+kwElqwHQFKmN+CM8YPCJtk9oVO9ux9FlkViVCC4 1WZZJ4FfNjXgpGfDlombBMFmVIivT7r6AEJb0I56/O+pEoM36+mL6v6gyqnU2YIvekMH aWtB/UlslLLzh9DaI0HMM/TXuhmR5u/280yUmsbZgCTTmJ4+uPYEEHxf2eBjaiw1WekK /6rGEDAWTdpNQK2USAnyl68+6Nfx0No17vL0Psh913i36Kb0Qn/Xz+UF1yCHnrynxvmr uy0ErmwTkkhvhwO1E+9Z2XkEL5OXGWmZw2T2ymxrxYPuZShpfcpG5CySq9sRsUiP3vLx e6bA==
X-Gm-Message-State: APjAAAU+vBhx3CLtGI47dmgPq50CSBJBFDARmaFgStX70nzLdpQDop5B WQOzx8pWuepO/2uCoOPKllKwf0JZEUupqVQT2VI1QA==
X-Google-Smtp-Source: APXvYqyBasoZT0F1yA4t1BNYENYXg2BGKvSYtXqg9cP14SfDwbn6BHEQRbwti1XG6yvSn6IO5DlFMnmjRc4PcEBKEm0=
X-Received: by 2002:aca:f587:: with SMTP id t129mr6733739oih.143.1580533625548; Fri, 31 Jan 2020 21:07:05 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a05:6830:1155:0:0:0:0 with HTTP; Fri, 31 Jan 2020 21:07:04 -0800 (PST)
In-Reply-To: <CABcZeBOF33VQ6SNdWGV15hLhW370gEkx16AwYY3ft3jfL2=kLg@mail.gmail.com>
References: <E2D709DC-DD01-4946-B2F1-7EE0E101DEF0@piuha.net> <CABcZeBOF33VQ6SNdWGV15hLhW370gEkx16AwYY3ft3jfL2=kLg@mail.gmail.com>
From: Guntur Wiseno Putra <gsenopu@gmail.com>
Date: Sat, 1 Feb 2020 12:07:04 +0700
Message-ID: <CAKi_AEvPceibcFv97dj0Buv+zLOH6f2Lp6CSs++UMc9-LEsEng@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Jari Arkko <jari.arkko@piuha.net>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>, "model-t@iab.org" <model-t@iab.org>
Content-Type: multipart/alternative; boundary="0000000000004e7382059d7ca917"
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/ynnumdgAu2qQQwSpgCCGS_EYYM4>
Subject: Re: [arch-d] Possible new IAB program on Internet trust model evolution
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Feb 2020 05:07:09 -0000

Dear architecture-discuss,

Parts concerning with "the Internet security" today at Internet Society:

Internet Society 2020 Action Plan

- We believe deeply that the Internet must be open, globally-connected,
secure, and trustworthy.

- In 2020, we will continue to work towards realizing our vision by
building, promoting, and defending a bigger and stronger Internet.

 II. Strengthening the Internet

-- Promoting the Internet way of networking

-- Extending encryption

-- Securing global routing

-- Increasing time security

-- Leading by example with open standards and protocols


https://www.internetsociety.org/action-plan/2020/


2020 Action Plan Projects

Strengthening the Internet

- Internet Way of Networking
- Encryption
- Securing Global Routing (MANRS)
- Time Security
- Open Standards Everywhere


https://www.internetsociety.org/action-plan/2020/projects/


Regard,
Guntur Wiseno Putra

Pada Kamis, 30 Januari 2020, Eric Rescorla <ekr@rtfm.com> menulis:

> > There is relatively broad agreement that the roles and trustwortiness
> > of different endpoints in a protocol exchange are important
> > considerations. In specific cases there may be quite different
> > perspectives on the tradeoffs involved, e.g., to what extent privacy,
> > information centralisation, or the needs of enterprise networks should
> > be considered as the highest priority. And no doubt, other equally
> > valid perspectives exist.
>
> Actually, it's not clear to me that *any* of these are valid
> things to put in a threat model. Recall what 3552 says a threat
> model is:
>
>    A THREAT MODEL describes the capabilities that an attacker is assumed
>    to be able to deploy against a resource.  It should contain such
>    information as the resources available to an attacker in terms of
>    information, computing capability, and control of the system.  The
>    purpose of a threat model is twofold.  First, we wish to identify the
>    threats we are concerned with.  Second, we wish to rule some threats
>    explicitly out of scope.  Nearly every security system is vulnerable
>    to a sufficiently dedicated and resourceful attacker.
>
> But none of the things you list are really part of a threat model.
>
> Rather, they are weights one applies to various design considerations,
> but that's a consideration but that's a form of analysis that happens
> *after* you have a threat model, not part of the threat model itself.
> For instance, I don't think anyone thinks that privacy threats (e..g.,
> traffic analysis) aren't part of our threat model (and they're clearly
> part of the 3552 threat model). Now, as a matter of protocol design,
> we have often opted not to do much about these threats for practical
> reasons, but that's a different matter.
>
> As Brian said, the purpose of 3552 is to force protocol designers
> to describe the security properties of their protocols and the purpose
> the threat model section is to provide a common starting point for
> that analysis. IOW, it is an essentially tutorial function So to the
> extent to which an update for 3552 is needed, its purpose should be to
> make clear considerations which aren't otherwise obvious from the text
> in 3552. But that's not about a new threat model or about balancing
> but rather about documentation.
>
> -Ekr
>
>
>
>
> On Fri, Jan 24, 2020 at 3:50 AM Jari Arkko <jari.arkko@piuha.net> wrote:
>
>>
>> The IAB are considering starting up a programme on Internet
>> trust model evolution as described in the link at the bottom of this
>> email.
>>
>> We'd like to get feedback on that idea and the text. As you may
>> be aware, in 2019 a number of documents were published on
>> this topic and discussions held (on the mailing list, SAAG, side
>> meeting at IETF-106, workshops, etc). There’s also a virtual
>> meeting coming up on February 14th.
>>
>> To be clear, any output from this program would be text offered
>> to the IETF for consideration - it is not within the IAB's remit, nor
>> that of an IAB program, to modify a BCP. Nonetheless, an IAB
>> program offers a good venue for this work, as it perhaps allows
>> for more focus on the evolving architecture aspect within this space.
>>
>> The plan is for the new program to be entirely open for participation,
>> similar to how the current work has already been. That is, the mailing
>> list is open for all interested to join, meetings are open and listed
>> in the public agendas. The IAB will find a chair or chairs for the
>> group to stay organised.
>>
>> There's no specific deadline for this, but the IAB will consider this
>> further in the next few weeks, so if you could take a few minutes
>> to share your thoughts on this that'd be great.
>>
>> https://github.com/intarchboard/model-t-charter/
>> blob/master/model-t-charter-00.md
>> https://www.iab.org/mailman/listinfo/model-t
>>
>> Stephen & Jari
>>
>> _______________________________________________
>> Architecture-discuss mailing list
>> Architecture-discuss@ietf.org
>> https://www.ietf.org/mailman/listinfo/architecture-discuss
>>
>