Re: [arch-d] deprecating Postel's principle- considered harmful

[Stephen Farrell <stephen.farrell@cs.tcd.ie>]

Hiya,

On 09/05/2019 01:04, Joe Touch wrote:
> 
> If you think you can manage the flood by inferring it was an attack,
> all you will accomplish is not protecting yourself from an
> accidentally flood.
That seems to make no sense at all to me. I doubt anyone
thinks they can manage DoS attacks by just "inferring."
If they do, they deserve all they get:-)

If someone deploys sensible countermeasures for that kind
of attack then I don't know of accidental behaviours that'd
not be as well handled by those. Or can you quote a concrete
example of such?

But perhaps there's no need really - it could be that you
are disagreeing with an argument that's not been made. The
argument I have seen made, and have made myself, is that
for a given attack behaviour, a network device cannot
sensibly allow/ignore some such events whilst protecting
against others since, at a given moment from a given
vantage point, it can't tell which is "ok" and which not.

So since those aren't distinguishable, no matter what you
think of what potential attackers, we ought treat the
behaviour as an attack. There have btw been people who
have argued that "it's ok that it's us breaking into
those systems as we are the good guys - you techies
should let us in and keep everyone else out."

So the "indistinguishable" argument I've seen used does
not seem to be the argument with which you're disagreeing.

I also don't recall that argument being used in the
context of deliberate vs. accidental threats myself. The
context is rather deliberate attack vs. "deliberate attack
but supposedly ok because we're on the same side." There
really is no way that GCHQ's attacks on Belgacom could
have been construed as an set of accidental events;-)

Cheers,
S.