[Model-t] Possible 3552 changes

Jari Arkko <jari.arkko@piuha.net> Fri, 14 February 2020 16:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/5etNuxqfdilN2Ize_NNxDUYVbdw>
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>

Working backwards for a bit, I wanted to take a look at the possible options we have for an eventual update of RFC 3552. I was able to identify three possible approaches to these changes. See below for them. Do people have a feel for what kind of eventual update style would be desirable? The exact wordings below are examples, but there seem to be possibilities to do a very minimal change and a very large, lengthy guideline change.


OPTION 1. Simple

For instance, draft-arkko-farrell-model-t-02 section 6 suggests this:

  OLD:

      In general, we assume that the end-systems engaging in a protocol
      exchange have not themselves been compromised.  Protecting against
      an attack when one of the end-systems has been compromised is
      extraordinarily difficult.  It is, however, possible to design
      protocols which minimize the extent of the damage done under these
      circumstances.

   NEW:

      In general, we assume that the end-system engaging in a protocol
      exchange has not itself been compromised.  Protecting against an
      attack of a protocol implementation itself is extraordinarily
      difficult.  It is, however, possible to design protocols which
      minimize the extent of the damage done when the other parties in a
      protocol become compromised or do not act in the best interests
      the end-system implementing a protocol.

----

OPTION 2. Adding more material about endpoints and core issues

In draft-arkko-farrell-model-t-02 this is also in section 6.


   NEW:

      The design of any Internet technology should start from an
      understanding of the participants in a system, their roles, and
      the extent to which they should have access to information and
      ability to control other participants.

   NEW:

   3.x.  Other endpoint compromise

      In this attack, the other endpoints in the protocol become
      compromised.  As a result, they can, for instance, misuse any
      information that the end-system implementing a protocol has sent
      to the compromised endpoint.

----

OPTION 3. Adding even more material about guidelines, areas of concern,
recommendations of techniques to use.

We have not seen proposals for this yet at least.