Re: [Model-t] w3c also thinking about threat models
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 23 September 2019 19:44 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F29DA120020 for <model-t@ietfa.amsl.com>; Mon, 23 Sep 2019 12:44:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e8zL8AwDUT3S for <model-t@ietfa.amsl.com>; Mon, 23 Sep 2019 12:44:38 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9189312000F for <model-t@iab.org>; Mon, 23 Sep 2019 12:44:38 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 671DCBE53; Mon, 23 Sep 2019 20:44:35 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id upl2Df4TcwCI; Mon, 23 Sep 2019 20:44:34 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AE6E5BE51; Mon, 23 Sep 2019 20:44:33 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1569267873; bh=bXNlXAorKIXhtQvq7Xo3dn/q2jYDNgmsZTPXr909cOA=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=lWuKHOWzZHfIDJxO75kX98DPq5p+PQ3EHyOJ/E+CxAKk5Laf8xQ27eFaF4+ifNoYV WtelrHZpBNvBigEU+S2F0/vgPbIYE2Cz6WCrUFL3KO6qKKTzy/iXBupDRWrX4XzxaZ x6VsmroG8JmUvo936yql57LBF/7iZyXnm+CmQXDU=
To: Christian Huitema <huitema@huitema.net>
Cc: model-t@iab.org
References: <a327c668-6a17-bb9f-318e-e3cea6c6c1d0@cs.tcd.ie> <624F4CA6-8D84-4BD8-A74C-E5AE22709F72@lastpresslabel.com> <A30308F8-D2A5-45CF-88D9-D65240972D51@gmail.com> <27c70832-a631-4622-6119-3a47928c634e@cs.tcd.ie> <49EC2254-981B-4B79-9116-AC24385C2287@gmail.com> <e22b6512-ec19-24dd-56fa-38ac87d1a321@cs.tcd.ie> <D68AA072-F5A6-4535-8CB3-AE9ADD07476D@huitema.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <760ac8ab-d0c1-af88-5686-358816849268@cs.tcd.ie>
Date: Mon, 23 Sep 2019 20:44:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <D68AA072-F5A6-4535-8CB3-AE9ADD07476D@huitema.net>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="bpmVbMQ6PC1wHzZSbOGNyBprtTxqLWz0R"
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/1psLxfMp--4l0y0Axxx1eqSAfMs>
Subject: Re: [Model-t] w3c also thinking about threat models
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 19:44:42 -0000
Hiya, On 23/09/2019 18:45, Christian Huitema wrote: > > >> On Sep 23, 2019, at 5:32 AM, Stephen Farrell >> <stephen.farrell@cs.tcd.ie> wrote: >> >> Bret, >> >>> On 23/09/2019 15:41, Bret Jordan wrote: >>> >>> Given how nearly all attacks, campaigns, malware, and intrusion >>> sets use the web or software connecting to the web >> >> Malware (ab)using the web doesn't imply anything about what might >> be right or wrong with the current web security model though. Same >> as malware doing that doesn't imply anything about the security >> model for IP, which is also in use in almost all such cases. > > Au contraire! > > The past decades should have taught us that bug happens and are > exploited. That's very relevant for the Internet threat model. If a > server is exploited, will clients and further servers fall off like > dominoes? What kind of defense in depth have we built in the > architecture? How do we isolate nodes when they are faulty? What > remediation strategies do we have available ? > > You can apply this analysis to multiple subsystems. For example, if a > name server is compromised, can the attackers gain access to the > domains that it serves? Can they obtain certificates? Sorry, I'm failing to see how what you say is contrary to what I said above. Can you explain? In case it helps: to clarify what I meant, ISTM the fact that HTTPS can be (ab)used for C&C or exfiltration doesn't mean that the threat model used in the design of HTTPS is broken. I also do agree that defence in depth is worth considering in this discussion, in particular how to handle DNSpionage and supply-chain type threats to which I guess you may be referring. But those two things don't seem to be in direct conflict to me. We may want to document threats like the latter so that implementers and protocol designers can better consider them, but that doesn't seem to imply anything much to me about the goodness or otherwise of the web security model. Cheers, S. > > -- Christian Huitema >
- [Model-t] w3c also thinking about threat models Stephen Farrell
- Re: [Model-t] w3c also thinking about threat mode… Dominique Lazanski
- Re: [Model-t] w3c also thinking about threat mode… Bret Jordan
- Re: [Model-t] w3c also thinking about threat mode… Stephen Farrell
- Re: [Model-t] w3c also thinking about threat mode… Bret Jordan
- Re: [Model-t] w3c also thinking about threat mode… Watson Ladd
- Re: [Model-t] w3c also thinking about threat mode… Bret Jordan
- Re: [Model-t] w3c also thinking about threat mode… Stephen Farrell
- Re: [Model-t] w3c also thinking about threat mode… Dominique Lazanski
- [Model-t] scope (was: Re: w3c also thinking about… Stephen Farrell
- Re: [Model-t] w3c also thinking about threat mode… Christian Huitema
- Re: [Model-t] w3c also thinking about threat mode… Joel M. Halpern
- Re: [Model-t] w3c also thinking about threat mode… Watson Ladd
- Re: [Model-t] w3c also thinking about threat mode… Stephen Farrell
- Re: [Model-t] w3c also thinking about threat mode… Christian Huitema
- Re: [Model-t] w3c also thinking about threat mode… Bret Jordan
- Re: [Model-t] w3c also thinking about threat mode… Watson Ladd