Re: [hrpc] from “Security Considerations” to “Threat Model Considerations”?

hannes.tschofenig@gmx.net Mon, 06 November 2023 13:10 UTC

From: hannes.tschofenig@gmx.net
To: 'farzaneh badii' <farzaneh.badii@gmail.com>, 'Cory Francis Myers' <cfm@acm.org>
Cc: hrpc@irtf.org
Date: Mon, 06 Nov 2023 14:10:12 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/opeb82aN7N8Ir1r2FzKtebEy2A4>

Hi Cory, Hi all, 

 

Where are the presentation slides that talk about “safety”?

I am curious what the recommendations / guidelines are but I was unable to attend the meeting due to a conflict.

 

Ciao

Hannes

 

 

From: hrpc <hrpc-bounces@irtf.org> On Behalf Of farzaneh badii
Sent: Monday, 6 November 2023 14:06
To: Cory Francis Myers <cfm@acm.org>
Cc: hrpc@irtf.org
Subject: Re: [hrpc] from “Security Considerations” to “Threat Model Considerations”?

 

Hi Cory,

 

I did not follow the presentation but the term "safety" is very ambiguous and has different meanings in different contexts and most of the time it is assumed that safety means cooperation with law enforcement (public safety). Some of my work is in the "trust and safety" field and I keep facing this challenge. "Threat models" will also expand the technical definition and it might even expand it so much that we include disinfo operation and a host of other non-technical ones or at least leave space for that. 

 

 

Farzaneh 

 

 

On Mon, Nov 6, 2023 at 6:46 AM Cory Francis Myers <cfm@acm.org> wrote:

The requirement for a “Security Considerations” section originates in 
RFC 2223 “Requirements to RFC Authors”.  The RFC 7322 style guide adds 
sections for IANA and internationalization considerations.

draft-irtf-hrpc-guidelines (how to think about human-rights 
considerations) is not quite like RFC 3552 (how to write “Security 
Considerations” sections)—because the *need* to think about as well as 
articulate the latter is taken for granted.  What would it take to:

1. Add a “Human Rights Considerations” section?

2. Add a “Privacy Considerations” *and* a “Safety Considerations” 
section (per Stephanie Mikkelson’s slide today on safety, privacy, 
security by design[1])?

3. Broaden “Security Considerations” into “Threat Model 
Considerations”?[2]


I’m oversimplifying on purpose!  My goal in asking this question is to 
understand the obstacles to establishing the parity of these criteria 
with security considerations.

If I’m retreading old or fraught ground, as I suspect I may be, I’d 
welcome pointers into the archives.


Sincerely,

Cory Myers.


[1]: 
https://datatracker.ietf.org/meeting/118/materials/slides-118-hrpc-unfpa-gbv-tech-guidance-00.pdf 
(slide 15)

[2]: Although this risks framing all of these considerations as strictly 
meliorative of harms, rather than affirmative protections of affirmative 
rights.
