Re: [Model-t] draft-thomson-tmi

Russ Housley <housley@vigilsec.com> Mon, 13 July 2020 19:30 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 965F53A0064 for <model-t@ietfa.amsl.com>; Mon, 13 Jul 2020 12:30:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P2H7iQjrZUMI for <model-t@ietfa.amsl.com>; Mon, 13 Jul 2020 12:30:38 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 959943A003E for <model-t@iab.org>; Mon, 13 Jul 2020 12:30:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 04A23300B79 for <model-t@iab.org>; Mon, 13 Jul 2020 15:30:30 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id KrmCDfsHmbnp for <model-t@iab.org>; Mon, 13 Jul 2020 15:30:28 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 7700E300A55; Mon, 13 Jul 2020 15:30:28 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <422978b2-028d-48e1-85ed-ddaa36e36052@www.fastmail.com>
Date: Mon, 13 Jul 2020 15:30:29 -0400
Cc: model-t <model-t@iab.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <426A3989-D323-42E4-84F3-8593170F2F54@vigilsec.com>
References: <422978b2-028d-48e1-85ed-ddaa36e36052@www.fastmail.com>
To: Martin Thomson <mt@lowentropy.net>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/-uUIancW7nl7ONvyEJtm0Ie5mlc>
Subject: Re: [Model-t] draft-thomson-tmi
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 19:30:41 -0000

#2 has pros and cons.  When one connects to a new public wi-fi, some proxies are often offered to reduce latency.  the choice may be to accept these proxies in order to use the service at all.  So, "control" is an interesting choice of words.  However, it would be really useful to always identify the proxies that are involved. 

Russ

> On Jul 13, 2020, at 12:32 AM, Martin Thomson <mt@lowentropy.net> wrote:
> 
> There have been a lot of discussions recently about the threat model, but I thought that I would contribute something concrete.
> 
> This is an attempt to capture what I believe to be the principles behind some of the more prominent recent protocol design efforts.  In some ways this is a broader take than that in RFC 8558, which was a discussion of transport protocols.  QUIC very much embodies these principles, but I could point to a number of other efforts across the IETF.  The principles I recommend are:
> 
>   1.  Prefer designs without intermediaries
> 
>   2.  Failing that, control which entities can intermediate the protocol, and
> 
>   3.  Limit actions and information that are available to intermediaries
> 
> The draft is here: https://datatracker.ietf.org/doc/html/draft-thomson-tmi-00
> A live HTML version is here: https://martinthomson.github.io/tmi/draft-thomson-tmi.html
> And if you feel motivated to contribute, on GitHub: https://github.com/martinthomson/tmi
> 
> This might not be the right venue to discuss something like this, but as this came out of discussions in Singapore, I thought I would share it here.  This is less about the threat model than a specific response to some of the threats we've discussed; to that end, it probably isn't in the charter of this group, but I hope that it informs discussion.
> 
> -- 
> Model-t mailing list
> Model-t@iab.org
> https://www.iab.org/mailman/listinfo/model-t