Re: [Model-t] Review of draft-thomson-tmi

Mohit Sethi M <mohit.m.sethi@ericsson.com> Wed, 08 December 2021 14:58 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Watson Ladd <watsonbladd@gmail.com>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
CC: Martin Thomson <martin.thomson@gmail.com>, Jari Arkko <jari.arkko@piuha.net>, "model-t@iab.org" <model-t@iab.org>
Date: Wed, 08 Dec 2021 14:58:25 +0000
Message-ID: <545c28b5-ff72-5ce5-1b57-8658ff884de1@ericsson.com>
References: <F2034CB3-D829-4C50-BC84-A89DE360FF7E@piuha.net> <1793552336.53819.1638947644889@appsuite-gw1.open-xchange.com> <CACsn0c=pKw6YpEVFC5Tw-h7YUD=BavvQFs3+qbaUZpjNWNs-pQ@mail.gmail.com>
In-Reply-To: <CACsn0c=pKw6YpEVFC5Tw-h7YUD=BavvQFs3+qbaUZpjNWNs-pQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/5xFoT_QH7xnu8IVgjBXgTaijztI>

Initially, I had a similar opinion: if an endpoint is compromised -> 
game over. You can't do anything about communication security.

But I changed my opinion after reading, understanding, and evaluating 
misbinding attacks: https://dl.acm.org/doi/abs/10.1145/3321705.3329813 
(sorry for self-publicity). Essentially: an honest endpoint can prevent 
a compromised endpoint from involving another honest endpoint into the 
conversation to play confusing games on who is talking to whom. 
Protocols can build mitigations to prevent such games if an endpoint in 
a conversation is compromised.

The same applies to Jari and Martin's draft. If you tell less about 
yourself to the other endpoint, there is less information available to 
the attacker when the endpoint is eventually compromised.

I think the goal of model-t is not to improve endpoint security. It's: 
what bad things can a communication protocol prevent when an endpoint is 
compromised?

--Mohit

On 12/8/21 3:05 PM, Watson Ladd wrote:
> On Wed, Dec 8, 2021 at 2:14 AM Vittorio Bertola
> <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
>> This is also why I would prefer to make recommendations on intermediaries only after having fully clarified the definitions above. There are cases in which intermediation is the only resort for a user to protect their privacy and security from misbehaving endpoints (e.g. a firewall or filter blocking IoT objects on the local network from connecting to undesired destinations, or preventing the unsuspecting user's browser from connecting to a phishing page). We should first understand how the relationship between protocol intermediaries and endpoint intermediaries plays out in terms of user-centred objectives, and only then make recommendations.
> I don't understand how the Internet Engineering Task Force can
> meaningfully address endpoint security. Nor have I seen an example of
> how 3552 updates would meaningfully address this, or changes in
> protocols that would help either. If the product you want is Ware
> report 2.0, that's potentially valuable, but not I think what we need
> for the I part of the IETF.
>
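The point Mohit makes about misbinding, that a protocol can stop a compromised endpoint from dragging a second honest endpoint into a conversation under the wrong identity, is illustrated below with a constructed toy example. This is added editorial code, not code from the cited paper, the draft, or any list participant. It assumes a minimal two-message key agreement between parties named A, B and M (M being the compromised endpoint), a small Diffie-Hellman group chosen only so the script runs quickly, and a key-confirmation tag that either omits or includes the identities of the two parties. The defensive point is the second variant: binding both identities into the confirmation makes the mismatched view of "who is talking to whom" detectable by the honest endpoints.

```python
import hashlib
import hmac
import secrets

# Toy group parameters, for illustration only (constructed; a real protocol
# uses a standard group such as X25519 or an RFC 3526 MODP group).
P = (1 << 127) - 1
G = 3


class Party:
    """One endpoint of a two-party key agreement with key confirmation."""

    def __init__(self, name, bind_identities):
        self.name = name
        self.bind = bind_identities      # True = hardened variant
        self.x = secrets.randbelow(P - 2) + 2
        self.pub = pow(G, self.x, P)
        self.peer = None
        self.key = None

    def start(self, peer_name):
        """Record who we believe we are talking to and emit our public value."""
        self.peer = peer_name
        return self.pub

    def finish(self, peer_pub):
        """Derive the session key from the peer's public value, return our tag."""
        shared = pow(peer_pub, self.x, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        return self.expected_tag()

    def expected_tag(self):
        # Weak variant: the tag proves only that both sides hold the same key.
        # Hardened variant: the tag also commits to the pair of identities this
        # party believes is in the conversation, so a partner holding the same
        # key but a different view of the participants produces a different tag.
        if self.bind:
            names = "|".join(sorted([self.name, self.peer])).encode()
        else:
            names = b""
        return hmac.new(self.key, b"confirm|" + names, hashlib.sha256).digest()

    def verify(self, peer_tag):
        return hmac.compare_digest(peer_tag, self.expected_tag())


def honest_run(bind):
    """A and B talk directly to each other; both variants should accept."""
    a, b = Party("A", bind), Party("B", bind)
    pa, pb = a.start("B"), b.start("A")
    ta, tb = a.finish(pb), b.finish(pa)
    return a.verify(tb) and b.verify(ta)


def misbinding_run(bind):
    """A and B each believe they are talking to M, a compromised endpoint that
    forwards A's public value to B and B's public value to A under its own name.
    Returns (both sides accepted, A and B actually share the same key)."""
    a, b = Party("A", bind), Party("B", bind)
    pa, pb = a.start("M"), b.start("M")
    ta, tb = a.finish(pb), b.finish(pa)
    accepted = a.verify(tb) and b.verify(ta)
    return accepted, a.key == b.key


if __name__ == "__main__":
    print("honest, unbound :", honest_run(False))        # True
    print("honest, bound   :", honest_run(True))         # True
    print("misbound, unbound:", misbinding_run(False))   # (True, True)
    print("misbound, bound  :", misbinding_run(True))    # (False, True)
```

In the unbound variant both honest endpoints accept even though A's real key partner is B, not M, which is exactly the confusion about participants that the mitigation is meant to rule out. With identities bound into the confirmation, A and B still derive the same key but reject each other's tags, so the run fails at the honest endpoints regardless of what M does. The same binding is what real protocols achieve by hashing identities or certificates into the transcript used for key confirmation.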