Re: [Model-t] w3c also thinking about threat models

"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 23 September 2019 18:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/4pa2UPxQD9tydM1DfsQSderGkCo>

It seems pretty clear to me that if we take the view that everything is 
in scope, we will not produce any useful improvements in our current 
security considerations in any reasonably measurable time.

It seems to follow that if we want useful results, we had best find 
somewhere to draw a line and agree that we will deal with some 
well-defined scope.

Of course, if all people want is a place to complain about the 
interaction of architecture, protocol, implementation, and underlying 
hardware flaws, I guess we can just complain forever.

Yours,
Joel

On 9/23/2019 1:45 PM, Christian Huitema wrote:
> 
> 
>> On Sep 23, 2019, at 5:32 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>
>> Bret,
>>
>>> On 23/09/2019 15:41, Bret Jordan wrote:
>>>
>>> Given how nearly all attacks, campaigns, malware, and intrusion sets
>>> use the web or software connecting to the web
>>
>> Malware (ab)using the web doesn't imply anything about
>> what might be right or wrong with the current web security
>> model though. Same as malware doing that doesn't imply
>> anything about the security model for IP, which is also
>> in use in almost all such cases.
> 
> Au contraire!
> 
> The past decades should have taught us that bugs happen and are exploited. That's very relevant for the Internet threat model. If a server is exploited, will clients and further servers fall off like dominoes? What kind of defense in depth have we built in the architecture? How do we isolate nodes when they are faulty? What remediation strategies do we have available?
> 
> You can apply this analysis to multiple subsystems. For example, if a name server is compromised, can the attackers gain access to the domains that it serves? Can they obtain certificates?
> 
> -- Christian Huitema
>