Re: [Model-t] What are we trying to protect
Eric Rescorla <ekr@rtfm.com> Sun, 04 August 2019 05:08 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 03 Aug 2019 22:08:04 -0700
To: Bret Jordan <jordan.ietf@gmail.com>
Cc: Christian Huitema <huitema@huitema.net>, model-t@iab.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/2nLDRLxwwGETshez47VYUDvJieY>

This seems like a reasonable problem statement for the overall problem of
computer security, but not really for IETF. To take a concrete example,
memory reading attacks like Spectre are a threat to user data and something
that browser vendors spend a fair amount of energy working on, but they're
mostly not in scope for IETF [0]. There's nothing wrong with that, it's just
division of labor.

-Ekr

[0] I say "mostly" because (a) we need to take the security implications of
these kinds of attacks in our protocol designs and (b) there might be some
small pieces of IETF work like CORB, though that seems to be mostly being
done elsewhere.

On Sat, Aug 3, 2019 at 2:47 PM Bret Jordan <jordan.ietf@gmail.com> wrote:

> Protection of end users’ data
>
> Protection of an organization’s data
>
> Protection of devices owned by an end user or an organization
>
> Protection of network equipment
>
> Protection of SCADA system
>
> Protection of critical infrastructure
>
> Protection of IoT and soon to be released 5G devices
>
> Protection of cost optimized controllers
>
>
> The problem we have had in the past is we want to call this one of the
> following, but each one does not encompass the full picture.
> 1) Computer security
> 2) Data security
> 3) Information security
> 4) Communication security
> 5) Network security
> 6) Application security
> Etc, etc,
>
> So if you say we are just dealing with communication security or
> information security we are missing a significant piece of the pie.
>
>
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
> can not be unscrambled is an egg."
>
>
> Reading this thread, I think that we are missing a step. We cannot
> define attacks without defining first the assets that need to be
> protected. Different actors probably have different views on that, such as:
>
> 1) Continuous operation of the Internet
>
> 2) Continuous operation of a specific Internet provider
>
> 3) Continuous availability of an Internet Service
>
> 4) Continuous connectivity for a given user
>
> 5) Protection of databases used by services and enterprises
>
> 6) Protection of the personal data of users
>
> Do we have agreement on what we are trying to protect?
>
> -- Christian Huitema
>
>
> --
> Model-t mailing list
> Model-t@iab.org
> https://www.iab.org/mailman/listinfo/model-t