Re: [hrpc] from “Security Considerations” to “Threat Model Considerations”?
Cory Francis Myers <cfm@acm.org> Tue, 07 November 2023 06:39 UTC
Return-Path: <cfm@mail.mayfirst.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81C9DC16F400 for <hrpc@ietfa.amsl.com>; Mon, 6 Nov 2023 22:39:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bh3Q-CJ2zlp5 for <hrpc@ietfa.amsl.com>; Mon, 6 Nov 2023 22:39:14 -0800 (PST)
Received: from priority.relay.mayfirst.org (priority.relay.mayfirst.org [162.247.75.206]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47783C15107E for <hrpc@irtf.org>; Mon, 6 Nov 2023 22:39:12 -0800 (PST)
Received: from route.relay.mayfirst.org (route.relay.mayfirst.org [209.51.180.238]) by priority.relay.mayfirst.org (Postfix) with ESMTP id 4SPdq34P1Qz7tbT for <hrpc@irtf.org>; Tue, 7 Nov 2023 06:39:11 +0000 (UTC)
Received: from filter.mayfirst.org (mailfilter002.mayfirst.org [209.51.169.92]) by route.relay.mayfirst.org (Postfix) with ESMTP id 4SPdq349x4zLh; Tue, 7 Nov 2023 06:39:11 +0000 (UTC)
Received: from filter.mayfirst.org (localhost [127.0.0.1]) by filter.mayfirst.org (Postfix) with ESMTP id 4SPdq242k7z1x5t; Tue, 7 Nov 2023 06:39:10 +0000 (UTC)
X-Spam-Language: en
X-Envelope-From: <cfm@mail.mayfirst.org>
Received: from mail.mayfirst.org (mailcf001.mayfirst.org [209.51.180.236]) by filter.mayfirst.org (Postfix) with ESMTPS id 4SPdq10NRYz1x5l; Tue, 7 Nov 2023 06:39:09 +0000 (UTC)
X-Mayfirst-Relay: priority
Date: Tue, 07 Nov 2023 07:39:05 +0100
From: Cory Francis Myers <cfm@acm.org>
To: farzaneh badii <farzaneh.badii@gmail.com>
Cc: hrpc@irtf.org
Message-ID: <ZUnbiZ/XiWzh9Apd@net>
References: <50c88604c932b712b71eb5bd8034550c@acm.org> <CAN1qJvDN2LK=Vk-RsEZMinSX8Yax7hkDE38p4khZKfv7gjcaUQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="3LQnv5WUHgQuIwud"
Content-Disposition: inline
In-Reply-To: <CAN1qJvDN2LK=Vk-RsEZMinSX8Yax7hkDE38p4khZKfv7gjcaUQ@mail.gmail.com>
X-Virus-Scanned: ClamAV using ClamSMTP
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/ZjQdZMtyJ5sfRN2_RNAm3qFs8pE>
Subject: Re: [hrpc] from “Security Considerations” to “Threat Model Considerations”?
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2023 06:39:14 -0000
On Mon, Nov 06, 2023 at 08:06:27AM -0500, farzaneh badii wrote: > I did not follow the presentation but the term "safety" is very ambiguous > and has different meanings in different contexts and most of the time it is > assumed that safety means cooperation with law enforcement (public safety). > Some of my work is in the "trust and safety" field and I keep facing this > challenge. "Threat models" will also expand the technical definition and it > might even expand it so much that we include disinfo operation and a host > of other non-technical ones or at least leave space for that. I think that this expansion, including these differences and ambiguities, is exactly what I'm advocating here. Having to anticipate and articulate the baseline security goals and risks of a protocol---that is, just the ones we've been able to think about in advance---is good for its security posture. Shouldn't the equivalent hold for other values and criteria too? We might well find that there are conflicts among them. Indeed, I'm not persuaded that security considerations are *without* differences and ambiguities. My interest is in having to document them: first in order to (have to) think and talk them through; then in order to inform implementation, operation, and future standards work, just as the conventional technical considerations do. My original message preceded yesterday's dult BoF, but there's resonance with the discussion there about testing and perhaps even measuring the impact of a new protocol. That suggestion was for an empirical approach; this is for merely a theoretical and imaginative one. This said: Hannes, I take your "considerations sections considered harmful" :-) caution seriously. And, Ekr, I take for granted your points that what I'm proposing can't happen within the IRTF and would be unlikely to succeed in the IETF. --- cfm.
- [hrpc] from “Security Considerations” to “Threat … Cory Francis Myers
- Re: [hrpc] from “Security Considerations” to “Thr… Eric Rescorla
- Re: [hrpc] from “Security Considerations” to “Thr… hannes.tschofenig
- Re: [hrpc] from “Security Considerations” to “Thr… farzaneh badii
- Re: [hrpc] from “Security Considerations” to “Thr… hannes.tschofenig
- Re: [hrpc] from “Security Considerations” to “Thr… 'Cory Francis Myers'
- Re: [hrpc] from “Security Considerations” to “Thr… Corinne Cath
- Re: [hrpc] from “Security Considerations” to “Thr… Cory Francis Myers