Re: [Model-t] What are we trying to protect
Watson Ladd <watsonbladd@gmail.com> Wed, 07 August 2019 03:33 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2FBB1200B9 for <model-t@ietfa.amsl.com>; Tue, 6 Aug 2019 20:33:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Level:
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AheEj3rLJF_p for <model-t@ietfa.amsl.com>; Tue, 6 Aug 2019 20:33:22 -0700 (PDT)
Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B664912004A for <model-t@iab.org>; Tue, 6 Aug 2019 20:33:21 -0700 (PDT)
Received: by mail-lf1-x132.google.com with SMTP id z15so58610319lfh.13 for <model-t@iab.org>; Tue, 06 Aug 2019 20:33:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ZHuFYFYPiMo8Y/xFXSppnwF4jlJtDC4oVLvknggxmi8=; b=bf/h1mC0swc7ng8/9qvEVEj5o/5Cb/IxGVsB6Tyvubvym+EPnRwLR3pU4+DUwe00mT xQTztoQaxhXhZfo5l+4mnGim7HwMSYyHcdqxIz8o474mfRIXiKydZN29kmqSTloWyzT6 iyl7sVv+ftRQ/6VG/c8rchFnmdJ7x5m/bwT/YF1orGi1Tuw5ddKcHUR7+hVR7clFywBw MxKbhQaVVFH2Cm5mjgNSY8iBQZuA5ETaWJ1Wpjtahs8Ofe778EEr0FblrdQvR8SLK5jD HxJfRhzJMnB3D/DeGdnvcNmzDonQzTST+BtHUx7Tl+0RAOqCwAQLN/xo/gBQTYjiAhQn c40Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ZHuFYFYPiMo8Y/xFXSppnwF4jlJtDC4oVLvknggxmi8=; b=tLTUG9d/FEV1dS1pGwzesx8s6wCzJZohCsRGJLaZuKtGHU8EcWIkuIqxmXx4S+YRMi 1RTsbju7m94HqOZAZPfshSu4EbC4Yowiraq+TynUYPeMV4N1b59Cuf6/x7FEGlajFSko cuYFoJFIQaGu0b5JVe/iAVc4qCf8feKouV0/WlK5+Unf8qaukAcyfjOWgwV2nkLRPGhu +ab/U0PY6S6TV9SNvCW1U2Y9JkP/QsgY24/796PXrSxJAIJa91p0F+pGBnDuuzFxmQ8Q YpURUYUaReUD6qTY02DiYOB8ZMPTkjxlEpdFJ2rXY/hU21lCG5g9ngticv89kDet9m/b msyQ==
X-Gm-Message-State: APjAAAV9YIPdDAxpdZzE55UznOZZlxh4ZC7YxUbmb0Z+LqXk6+wFRuh4 D67Xt9PN+VTByk68cOxd3Bjyz9uw4dJaxeIbeKo=
X-Google-Smtp-Source: APXvYqxwYYou89vj5BCzONVe3wxMVodVjzXS2eRFHl7j4Xwi6V9kgfaLG72+UP2R9o7u3/RRVZGMB4FQwgcr0LybShk=
X-Received: by 2002:a19:2297:: with SMTP id i145mr4461021lfi.97.1565148799777; Tue, 06 Aug 2019 20:33:19 -0700 (PDT)
MIME-Version: 1.0
References: <4a2324dfd4ba4780a18bcb3f3db7f7de@oc11expo23.exchange.mit.edu> <CAN40gSsibQDrs8yDUYP59U+ume-MMwUpiQ_q0F6t27vQEOt+qw@mail.gmail.com> <061F959D-CA86-46BD-BFE1-4CF8024E7F8D@mit.edu>
In-Reply-To: <061F959D-CA86-46BD-BFE1-4CF8024E7F8D@mit.edu>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 06 Aug 2019 20:33:07 -0700
Message-ID: <CACsn0c=HSg98Ed85rQuRgYU+HkgevsN9+xZC3pP8m=1qxAnu=A@mail.gmail.com>
To: Thomas Hardjono <hardjono@mit.edu>
Cc: Ira McDonald <blueroofmusic@gmail.com>, "model-t@iab.org" <model-t@iab.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/8LKLxxHtnPYK9wG8wfjElaanSmA>
Subject: Re: [Model-t] What are we trying to protect
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 03:33:24 -0000
Kerberos and NFS are two notable exceptions. On Tue, Aug 6, 2019 at 5:38 PM Thomas Hardjono <hardjono@mit.edu> wrote: > > Hi Ira, > > I’m familiar with NEA — NEA & TNC (and NAP & NAC) are relatively recent. I’m talking about the majority of RFCs coming out of the Security Area since the mid-1990s. > > This was a core part of the End-to-End Principle (e.g. key management and handling of keys at the edges, out side the scope of the IETF). > > > > /thomas/ > > ___________________________________ > > On Aug 6, 2019, at 8:24 PM, Ira McDonald <blueroofmusic@gmail.com> wrote: > > Hi, > > I disagree with this characterization of the IETF's historic interest. > > IETF NEA (built on contributed TCG TNC protocols) is *all* about > the security and health of endpoints. And IETF NEA is now being > leveraged heavily in IETF SACM for that very reason. SACM is > of course *mostly* about the security and health of endpoints and > only incidentally about middleboxes. > > Cheers, > - Ira > > Ira McDonald (Musician / Software Architect) > Co-Chair - TCG Trusted Mobility Solutions WG > Co-Chair - TCG Metadata Access Protocol SG > Chair - Linux Foundation Open Printing WG > Secretary - IEEE-ISTO Printer Working Group > Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG > IETF Designated Expert - IPP & Printer MIB > Blue Roof Music / High North Inc > http://sites.google.com/site/blueroofmusic > http://sites.google.com/site/highnorthinc > mailto: blueroofmusic@gmail.com > PO Box 221 Grand Marais, MI 49839 906-494-2434 > > > > On Tue, Aug 6, 2019 at 5:45 PM Thomas Hardjono <hardjono@mit.edu> wrote: >> >> >> >>> 1) Attacking the system directly. >> >> >>> 2) Delivering an attack through a user-initiated session or exfiltrating data through said session >> >> >>> 4) Passive monitoring of all traffic >> >> >>> 5) Monitoring and tracking all user's traffic inside their session. >> >> >> Historically the IETF has focused on protocols and communications security. This was an explicit choice/decision of the IETF community in the mid-1990s. So, all the protocols we have (ISAKMP, IKE, IPsec, TLS, etc.) have addressed a threat model that was focused on the communications channel. The security of the end-point, such as a Client or device, was out of scope (until now, I guess, depending). >> >> If the IETF’s scope is going to be expanded, I’d suggest the IETF developing an abstraction model and terminology that helps discussion. Otherwise we end up boiling the ocean with too many words, use-cases and scenarios. >> >> At the Montreal SAAG meeting I mentioned the term end-point “state”. One way to map the above list of threats would be to express it abstractly in terms of state and the protection of state information/data. So, the above list could be mapped to something like this: >> >> (i) Unauthorized modification of end-point state. (i.e. attacking a client OS.). >> >> (ii) Unauthorized exfiltration of end-point state information (i.e. exfiltration of data, both system-data and user-data, from a machine). >> >> (iii) Malicious substitution of state in transit (i.e. hi-jacking a connection and doing a MITM). >> >> (iv) Unhindered reporting of end-point state information (i.e. authentic reporting from a MIB in a device). >> >> >> You get my point. It’s no longer just about protection of the communication channel and transport protocol resiliency. It’s now about the “stuff” at the end of the channel. >> >> >> — thomas — >> >> -- >> Model-t mailing list >> Model-t@iab.org >> https://www.iab.org/mailman/listinfo/model-t > > -- > Model-t mailing list > Model-t@iab.org > https://www.iab.org/mailman/listinfo/model-t -- "Man is born free, but everywhere he is in chains". --Rousseau.
- [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Michael Richardson
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Joseph Lorenzo Hall
- Re: [Model-t] model-t@iab.org list description Michael Richardson
- Re: [Model-t] model-t@iab.org list description Martin Thomson
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Eric Rescorla
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Jim Fenton
- Re: [Model-t] model-t@iab.org list description Ted Lemon
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Christian Huitema
- Re: [Model-t] model-t@iab.org list description Watson Ladd
- Re: [Model-t] model-t@iab.org list description Carsten Bormann
- Re: [Model-t] model-t@iab.org list description Ted Lemon
- [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Watson Ladd
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Ted Lemon
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Ted Lemon
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Christian Huitema
- Re: [Model-t] What are we trying to protect Ted Lemon
- [Model-t] Primer Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Christian Huitema
- Re: [Model-t] Primer Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Thomas Hardjono
- Re: [Model-t] What are we trying to protect Ira McDonald
- Re: [Model-t] What are we trying to protect Thomas Hardjono
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Thomas Hardjono