Recall petitions as an attack vector (was: Re: AD Sponsorship of draft-moonesamy-recall-rev)
John C Klensin <john-ietf@jck.com> Sun, 21 April 2019 23:52 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D92E1202E2; Sun, 21 Apr 2019 16:52:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gXbsjy3-fMX9; Sun, 21 Apr 2019 16:52:00 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A541E1202E0; Sun, 21 Apr 2019 16:52:00 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1hIMFa-0006CO-FB; Sun, 21 Apr 2019 19:51:58 -0400
Date: Sun, 21 Apr 2019 19:51:52 -0400
From: John C Klensin <john-ietf@jck.com>
To: "Salz, Rich" <rsalz@akamai.com>
cc: ietf@ietf.org, IESG <iesg@ietf.org>
Subject: Recall petitions as an attack vector (was: Re: AD Sponsorship of draft-moonesamy-recall-rev)
Message-ID: <9CFEC395A6391260AFC93DBF@PSB>
In-Reply-To: <2BCCA51C-C993-491B-8162-52110B63CF1B@akamai.com>
References: <6.2.5.6.2.20190405085139.0d5c39b0@elandnews.com> <54510B49-175B-4CE6-9319-1F9A4803940E@cooperw.in> <033d01d4f52f$c6f2dca0$54d895e0$@olddog.co.uk> <BB40F115-46E8-4EF3-ABDE-15ABB33B4ACA@akamai.com> <C11980900F520E0EFCC83CEB@PSB> <A18C5417-F40B-4DC4-B6AB-BA0A592D15D3@cooperw.in> <A88B303ADC96DADCB138B3E7@PSB> <2BCCA51C-C993-491B-8162-52110B63CF1B@akamai.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/_WP76vjOLQ-jEGqvTMAMbhHNBLc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Apr 2019 23:52:03 -0000
--On Sunday, April 21, 2019 16:35 +0000 "Salz, Rich" <rsalz@akamai.com> wrote: >> If one were trying to disrupt the IETF, mount a DoS > attack, or impose large costs on the community, the need > to work that far in advance would be a significant > deterrent given that other, faster and easier mechanisms > are readily available. > > There are national-scale attackers which probably find it > cheap to get people doing this. I wasn't commenting on "cheap". I contend that either the scenario Alissa explained or my "just attack the IETF's decision-making mailing list" one would be cheap. The question is whether an attack on the recall procedure would be sufficiently more attractive way to attack the IETF (by someone motivated to that - state actor or otherwise) to justify the needed eight months or a year of advanced planning rather than getting more or less instant gratification. My guess is no, but there may be circumstances and scenarios I haven't thought about and, as you say, YMMD. > It's not a threat model I worry about but YMMV. Yep. john
- AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Alissa Cooper
- RE: AD Sponsorship of draft-moonesamy-recall-rev Adrian Farrel
- Re: AD Sponsorship of draft-moonesamy-recall-rev Aaron Falk
- Re: AD Sponsorship of draft-moonesamy-recall-rev Loganaden Velvindron
- Re: AD Sponsorship of draft-moonesamy-recall-rev John C Klensin
- Re: AD Sponsorship of draft-moonesamy-recall-rev Brian E Carpenter
- Re: AD Sponsorship of draft-moonesamy-recall-rev John C Klensin
- Re: AD Sponsorship of draft-moonesamy-recall-rev Benjamin Kaduk
- Re: AD Sponsorship of draft-moonesamy-recall-rev Spencer Dawkins at IETF
- Re: AD Sponsorship of draft-moonesamy-recall-rev John C Klensin
- Re: AD Sponsorship of draft-moonesamy-recall-rev Alissa Cooper
- Re: AD Sponsorship of draft-moonesamy-recall-rev Alissa Cooper
- Re: AD Sponsorship of draft-moonesamy-recall-rev Michael StJohns
- Re: AD Sponsorship of draft-moonesamy-recall-rev Spencer Dawkins at IETF
- Re: AD Sponsorship of draft-moonesamy-recall-rev Michael StJohns
- Re: AD Sponsorship of draft-moonesamy-recall-rev Benjamin Kaduk
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Scott O. Bradner
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev John C Klensin
- Gaming email [was: AD Sponsorship of draft-moones… Brian E Carpenter
- Re: Gaming email [was: AD Sponsorship of draft-mo… Stephen Farrell
- Re: Gaming email [was: AD Sponsorship of draft-mo… Brian E Carpenter
- Re: AD Sponsorship of draft-moonesamy-recall-rev Spencer Dawkins at IETF
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Salz, Rich
- Recall petitions as an attack vector (was: Re: AD… John C Klensin
- Re: AD Sponsorship of draft-moonesamy-recall-rev Eric Rescorla
- Re: AD Sponsorship of draft-moonesamy-recall-rev Michael StJohns
- Re: AD Sponsorship of draft-moonesamy-recall-rev Keith Moore
- Re: AD Sponsorship of draft-moonesamy-recall-rev Salz, Rich
- Re: AD Sponsorship of draft-moonesamy-recall-rev Kathleen Moriarty
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Salz, Rich
- Re: AD Sponsorship of draft-moonesamy-recall-rev Nico Williams
- Re: AD Sponsorship of draft-moonesamy-recall-rev Andrew G. Malis
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Nico Williams
- Re: AD Sponsorship of draft-moonesamy-recall-rev Nico Williams
- Re: AD Sponsorship of draft-moonesamy-recall-rev Dave Taht
- Re: AD Sponsorship of draft-moonesamy-recall-rev Eric Rescorla
- Re: AD Sponsorship of draft-moonesamy-recall-rev Eliot Lear
- Re: AD Sponsorship of draft-moonesamy-recall-rev Salz, Rich
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Salz, Rich
- Re: AD Sponsorship of draft-moonesamy-recall-rev Joel M. Halpern
- Re: AD Sponsorship of draft-moonesamy-recall-rev Nico Williams
- Re: AD Sponsorship of draft-moonesamy-recall-rev Brian E Carpenter
- Re: AD Sponsorship of draft-moonesamy-recall-rev Keith Moore
- RE: AD Sponsorship of draft-moonesamy-recall-rev Adrian Farrel
- RE: AD Sponsorship of draft-moonesamy-recall-rev Adrian Farrel
- Re: AD Sponsorship of draft-moonesamy-recall-rev Stewart Bryant
- Re: AD Sponsorship of draft-moonesamy-recall-rev Andrew G. Malis
- Re: AD Sponsorship of draft-moonesamy-recall-rev Nico Williams
- Re: AD Sponsorship of draft-moonesamy-recall-rev Stewart Bryant
- Re: AD Sponsorship of draft-moonesamy-recall-rev Nico Williams
- Re: AD Sponsorship of draft-moonesamy-recall-rev Stewart Bryant
- Re: AD Sponsorship of draft-moonesamy-recall-rev Nico Williams
- Re: AD Sponsorship of draft-moonesamy-recall-rev John C Klensin
- Re: AD Sponsorship of draft-moonesamy-recall-rev Nico Williams
- Re: AD Sponsorship of draft-moonesamy-recall-rev Michael StJohns
- Re: AD Sponsorship of draft-moonesamy-recall-rev John C Klensin
- Re: AD Sponsorship of draft-moonesamy-recall-rev Benjamin Kaduk
- Re: AD Sponsorship of draft-moonesamy-recall-rev Andrew G. Malis
- Re: AD Sponsorship of draft-moonesamy-recall-rev Andrew Sullivan
- Re: AD Sponsorship of draft-moonesamy-recall-rev Alissa Cooper
- Re: AD Sponsorship of draft-moonesamy-recall-rev Alissa Cooper
- RE: AD Sponsorship of draft-moonesamy-recall-rev Adrian Farrel
- Re: AD Sponsorship of draft-moonesamy-recall-rev Michael StJohns
- Re: AD Sponsorship of draft-moonesamy-recall-rev 'Andrew Sullivan'
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- RE: AD Sponsorship of draft-moonesamy-recall-rev Adrian Farrel
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Suresh Krishnan
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Eric Rescorla
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Spencer Dawkins at IETF
- Re: AD Sponsorship of draft-moonesamy-recall-rev Eric Rescorla
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Brian E Carpenter
- Re: AD Sponsorship of draft-moonesamy-recall-rev John C Klensin
- Re: AD Sponsorship of draft-moonesamy-recall-rev Suresh Krishnan
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Stephen Farrell
- Re: AD Sponsorship of draft-moonesamy-recall-rev John C Klensin
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev S Moonesamy
- Re: AD Sponsorship of draft-moonesamy-recall-rev Pete Resnick
- Re: AD Sponsorship of draft-moonesamy-recall-rev Theodore Ts'o
- Re: [Eligibility-discuss] AD Sponsorship of draft… John C Klensin
- Re: [Eligibility-discuss] AD Sponsorship of draft… Loganaden Velvindron
- Re: [Eligibility-discuss] AD Sponsorship of draft… Iyedi Goma
- Re: [Eligibility-discuss] AD Sponsorship of draft… John C Klensin
- Remote participant fees (was : Re: [Eligibility-d… John C Klensin
- Re: [Eligibility-discuss] AD Sponsorship of draft… Abdussalam Baryun
- Re: [Eligibility-discuss] AD Sponsorship of draft… Behcet Sarikaya
- Re: [Eligibility-discuss] AD Sponsorship of draft… Keith Moore
- Re: [Eligibility-discuss] AD Sponsorship of draft… Pete Resnick
- Re: [Eligibility-discuss] AD Sponsorship of draft… John C Klensin
- Re: [Eligibility-discuss] AD Sponsorship of draft… Abdussalam Baryun
- Re: [Eligibility-discuss] AD Sponsorship of draft… Michael StJohns
- ietf meeting fees Keith Moore
- Re: ietf meeting fees Michael StJohns
- Re: ietf meeting fees Brian E Carpenter
- Re: ietf meeting fees Phillip Hallam-Baker
- Re: ietf meeting fees Bob Hinden
- Re: ietf meeting fees Michael Richardson
- Re: ietf meeting fees John C Klensin
- Re: ietf meeting fees Andrew Sullivan
- Re: ietf meeting fees Livingood, Jason
- Re: ietf meeting fees George Michaelson
- Re: ietf meeting fees Abdussalam Baryun