Re: [hrpc] from “Security Considerations” to “Threat Model Considerations”?

farzaneh badii <farzaneh.badii@gmail.com> Mon, 06 November 2023 13:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/EhHRiNHmxCY45gzAcvsUsYjWY6A>

Hi Cory,

I did not follow the presentation but the term "safety" is very ambiguous
and has different meanings in different contexts and most of the time it is
assumed that safety means cooperation with law enforcement (public safety).
Some of my work is in the "trust and safety" field and I keep facing this
challenge. "Threat models" will also expand the technical definition and it
might even expand it so much that we include disinfo operation and a host
of other non-technical ones or at least leave space for that.


Farzaneh


On Mon, Nov 6, 2023 at 6:46 AM Cory Francis Myers <cfm@acm.org> wrote:

> The requirement for a “Security Considerations” section originates in
> RFC 2223 “Requirements to RFC Authors”.  The RFC 7322 style guide adds
> sections for IANA and internationalization considerations.
>
> draft-irtf-hrpc-guidelines (how to think about human-rights
> considerations) is not quite like RFC 3552 (how to write “Security
> Considerations” sections)—because the *need* to think about as well as
> articulate the latter is taken for granted.  What would it take to:
>
> 1. Add a “Human Rights Considerations” section?
>
> 2. Add a “Privacy Considerations” *and* a “Safety Considerations”
> section (per Stephanie Mikkelson’s slide today on safety, privacy,
> security by design[1])?
>
> 3. Broaden “Security Considerations” into “Threat Model
> Considerations”?[2]
>
>
> I’m oversimplifying on purpose!  My goal in asking this question is to
> understand the obstacles to establishing the parity of these criteria
> with security considerations.
>
> If I’m retreading old or fraught ground, as I suspect I may be, I’d
> welcome pointers into the archives.
>
>
> Sincerely,
>
> Cory Myers.
>
>
> [1]: https://datatracker.ietf.org/meeting/118/materials/slides-118-hrpc-unfpa-gbv-tech-guidance-00.pdf
> (slide 15)
>
> [2]: Although this risks framing all of these considerations as strictly
> meliorative of harms, rather than affirmative protections of affirmative
> rights.