Re: [arch-d] Possible new IAB program on Internet trust model evolution

Guntur Wiseno Putra <> Sat, 01 February 2020 05:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D0F0012001A for <>; Fri, 31 Jan 2020 21:07:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id z1nUn7B-82Bl for <>; Fri, 31 Jan 2020 21:07:06 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 508DB120048 for <>; Fri, 31 Jan 2020 21:07:06 -0800 (PST)
Received: by with SMTP id q81so9574097oig.0 for <>; Fri, 31 Jan 2020 21:07:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Sch8ub/dQod7KZ8ggFeUL9LyHaCtvPwqU/NqziGECJ0=; b=HvVkxhOlpZRUR4kti/t2m64zvSZY9p5SPresuXOSi5ZSzWol+hblrykAdRK2xNVQAu zETbvZiQIl6LxOBt+1AjtXR6VS5JGyKOFRXXVxFb5RyeMWA8/0b9q+dqMUbPgLYZRhAT doRiW5/PW1cxE2U5wDiKXFJW47TybArfmh+eRzNdtTWoFTxBVoOc0ErB6ONkNneufwiD oaWmTmrhFtHMG9nhrHB9X9FjlnbVOlDU/so7jKlg5PURxlOn3y8YhYk+wPt0kCRt/BIF y3O1ipJtMDgjimAdaL6PvHSHbK7RTuLXfblT2Xmi4vsSZUY3QUMDBl6JeEHTIXCdbwPi a+HA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Sch8ub/dQod7KZ8ggFeUL9LyHaCtvPwqU/NqziGECJ0=; b=ZmP8klKBFZoAAieGwAKkt1dHf4+kwElqwHQFKmN+CM8YPCJtk9oVO9ux9FlkViVCC4 1WZZJ4FfNjXgpGfDlombBMFmVIivT7r6AEJb0I56/O+pEoM36+mL6v6gyqnU2YIvekMH aWtB/UlslLLzh9DaI0HMM/TXuhmR5u/280yUmsbZgCTTmJ4+uPYEEHxf2eBjaiw1WekK /6rGEDAWTdpNQK2USAnyl68+6Nfx0No17vL0Psh913i36Kb0Qn/Xz+UF1yCHnrynxvmr uy0ErmwTkkhvhwO1E+9Z2XkEL5OXGWmZw2T2ymxrxYPuZShpfcpG5CySq9sRsUiP3vLx e6bA==
X-Gm-Message-State: APjAAAU+vBhx3CLtGI47dmgPq50CSBJBFDARmaFgStX70nzLdpQDop5B WQOzx8pWuepO/2uCoOPKllKwf0JZEUupqVQT2VI1QA==
X-Google-Smtp-Source: APXvYqyBasoZT0F1yA4t1BNYENYXg2BGKvSYtXqg9cP14SfDwbn6BHEQRbwti1XG6yvSn6IO5DlFMnmjRc4PcEBKEm0=
X-Received: by 2002:aca:f587:: with SMTP id t129mr6733739oih.143.1580533625548; Fri, 31 Jan 2020 21:07:05 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a05:6830:1155:0:0:0:0 with HTTP; Fri, 31 Jan 2020 21:07:04 -0800 (PST)
In-Reply-To: <>
References: <> <>
From: Guntur Wiseno Putra <>
Date: Sat, 1 Feb 2020 12:07:04 +0700
Message-ID: <>
To: Eric Rescorla <>
Cc: Jari Arkko <>, "" <>, "" <>
Content-Type: multipart/alternative; boundary="0000000000004e7382059d7ca917"
Archived-At: <>
Subject: Re: [arch-d] Possible new IAB program on Internet trust model evolution
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 01 Feb 2020 05:07:09 -0000

Dear architecture-discuss,

Parts concerning with "the Internet security" today at Internet Society:

Internet Society 2020 Action Plan

- We believe deeply that the Internet must be open, globally-connected,
secure, and trustworthy.

- In 2020, we will continue to work towards realizing our vision by
building, promoting, and defending a bigger and stronger Internet.

 II. Strengthening the Internet

-- Promoting the Internet way of networking

-- Extending encryption

-- Securing global routing

-- Increasing time security

-- Leading by example with open standards and protocols

2020 Action Plan Projects

Strengthening the Internet

- Internet Way of Networking
- Encryption
- Securing Global Routing (MANRS)
- Time Security
- Open Standards Everywhere

Guntur Wiseno Putra

Pada Kamis, 30 Januari 2020, Eric Rescorla <> menulis:

> > There is relatively broad agreement that the roles and trustwortiness
> > of different endpoints in a protocol exchange are important
> > considerations. In specific cases there may be quite different
> > perspectives on the tradeoffs involved, e.g., to what extent privacy,
> > information centralisation, or the needs of enterprise networks should
> > be considered as the highest priority. And no doubt, other equally
> > valid perspectives exist.
> Actually, it's not clear to me that *any* of these are valid
> things to put in a threat model. Recall what 3552 says a threat
> model is:
>    A THREAT MODEL describes the capabilities that an attacker is assumed
>    to be able to deploy against a resource.  It should contain such
>    information as the resources available to an attacker in terms of
>    information, computing capability, and control of the system.  The
>    purpose of a threat model is twofold.  First, we wish to identify the
>    threats we are concerned with.  Second, we wish to rule some threats
>    explicitly out of scope.  Nearly every security system is vulnerable
>    to a sufficiently dedicated and resourceful attacker.
> But none of the things you list are really part of a threat model.
> Rather, they are weights one applies to various design considerations,
> but that's a consideration but that's a form of analysis that happens
> *after* you have a threat model, not part of the threat model itself.
> For instance, I don't think anyone thinks that privacy threats (e..g.,
> traffic analysis) aren't part of our threat model (and they're clearly
> part of the 3552 threat model). Now, as a matter of protocol design,
> we have often opted not to do much about these threats for practical
> reasons, but that's a different matter.
> As Brian said, the purpose of 3552 is to force protocol designers
> to describe the security properties of their protocols and the purpose
> the threat model section is to provide a common starting point for
> that analysis. IOW, it is an essentially tutorial function So to the
> extent to which an update for 3552 is needed, its purpose should be to
> make clear considerations which aren't otherwise obvious from the text
> in 3552. But that's not about a new threat model or about balancing
> but rather about documentation.
> -Ekr
> On Fri, Jan 24, 2020 at 3:50 AM Jari Arkko <> wrote:
>> The IAB are considering starting up a programme on Internet
>> trust model evolution as described in the link at the bottom of this
>> email.
>> We'd like to get feedback on that idea and the text. As you may
>> be aware, in 2019 a number of documents were published on
>> this topic and discussions held (on the mailing list, SAAG, side
>> meeting at IETF-106, workshops, etc). There’s also a virtual
>> meeting coming up on February 14th.
>> To be clear, any output from this program would be text offered
>> to the IETF for consideration - it is not within the IAB's remit, nor
>> that of an IAB program, to modify a BCP. Nonetheless, an IAB
>> program offers a good venue for this work, as it perhaps allows
>> for more focus on the evolving architecture aspect within this space.
>> The plan is for the new program to be entirely open for participation,
>> similar to how the current work has already been. That is, the mailing
>> list is open for all interested to join, meetings are open and listed
>> in the public agendas. The IAB will find a chair or chairs for the
>> group to stay organised.
>> There's no specific deadline for this, but the IAB will consider this
>> further in the next few weeks, so if you could take a few minutes
>> to share your thoughts on this that'd be great.
>> blob/master/
>> Stephen & Jari
>> _______________________________________________
>> Architecture-discuss mailing list