IETF Logo Mail Archive

Re: [Model-t] draft-thomson-tmi

Christian Huitema <huitema@huitema.net> Tue, 14 July 2020 14:45 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DE133A0827 for <model-t@ietfa.amsl.com>; Tue, 14 Jul 2020 07:45:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iTKU8H6ALlnf for <model-t@ietfa.amsl.com>; Tue, 14 Jul 2020 07:45:15 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A0273A079E for <model-t@iab.org>; Tue, 14 Jul 2020 07:45:15 -0700 (PDT)
Received: from xse363.mail2web.com ([66.113.197.109] helo=xse.mail2web.com) by mx169.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1jvMB7-000I0D-Fg for model-t@iab.org; Tue, 14 Jul 2020 16:45:10 +0200
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4B5jwQ6qFyz1H5R for <model-t@iab.org>; Tue, 14 Jul 2020 07:44:54 -0700 (PDT)
Received: from [10.5.2.18] (helo=xmail08.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1jvMAw-0001d6-Qr for model-t@iab.org; Tue, 14 Jul 2020 07:44:54 -0700
Received: (qmail 6796 invoked from network); 14 Jul 2020 14:44:54 -0000
Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.46.169]) (envelope-sender <huitema@huitema.net>) by xmail08.myhosting.com (qmail-ldap-1.03) with ESMTPA for <model-t@iab.org>; 14 Jul 2020 14:44:54 -0000
To: Eric Rescorla <ekr@rtfm.com>
Cc: Martin Thomson <mt@lowentropy.net>, model-t@iab.org
References: <422978b2-028d-48e1-85ed-ddaa36e36052@www.fastmail.com> <1164022876.4302.1594630518489@appsuite-gw2.open-xchange.com> <004e5fc9-e284-4c84-8a3c-7872ceb1d20b@www.fastmail.com> <a5838569-2b93-e982-1c9f-df773456c494@huitema.net> <CABcZeBOjcSJAt4G3q87ew3UNrLS2YkSN-+=TTUm6RVW22jfaLg@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
Message-ID: <8d7b79d6-22f6-2212-d3c1-9b6580cea009@huitema.net>
Date: Tue, 14 Jul 2020 07:44:54 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBOjcSJAt4G3q87ew3UNrLS2YkSN-+=TTUm6RVW22jfaLg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------65CA83F5D53253A30AF995D1"
Content-Language: en-US
X-Originating-IP: 66.113.197.109
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.61)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0ZZlDYW4q2llG44Qh0NJtYKpSDasLI4SayDByyq9LIhVRY4x7cmFfw+m oJy0DEMYUkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDXz6Yli32IJdAuJ3ivsC2SsRX qYbtEQV1z/L435ZRxFS5S69BvEKkf1amm3fMImbB+rYZvu7UEJiU3s27VgKHO7lwS3dBJTnTxDoD vBGGxph9w6EwXICYy0ePXtGEMhqrmZ/a0xedHgxK4bNgL90SSmU6UgOqKJ9sMwhVoOBGSAIboXtx P9OF0EfNs5TqNq2Yhy7LI0kfFnXdPP6btp4oBeJDeKRq5oPj2hFJhLx+qI3HlR3ootg7OlA3N5WN re/oppAGOX5cHTu1yz4pRT/9FGrxEaaKeSxe0Wrx6M4G5/WoLsdfEoJI0BNUQ4KpaNyNCwGqOUcw rXf55E8Tb8bmXq4yH8StrboPphDtmrtUkwkDMc9xayd+oZJo2heFY+g6kVWClPVvbW5lVyQanRxw 5rdY2rW50fd1ekaDpmIWc1Vmt3mnxMTQMQWbvBqEXskTQn6USYs98Imn+lZXe3dwYfgVB1xo6dCf BaU/iegBU8ZoVN8Qrp33SLbI6vQ4dJWg4nuZrRf7bMi0WRR6pZ+nWcCb4WZWkVrYezNd1V+B+YBX 0SU68ek9wyYNR7nSKrZbQsAM8hGlAkv+YXlQiOyIRazNjLvclnGzlTC8ZgkR3laIWqvAxiBHuIuS y5fCAlEk0VWYCfLPqkWXifMRxLdrXFACVO3tx78u0bG7If2TCVSfok6okgkKSBQ5UFi/cEQJ2wGw CbE5ivrQv3Y9ufzQXjnzSXChKWk/itcbicJsIPcuIsWKPu4X2JMp047GsHDdfqb5R4VemuUI6bcE ARsm0De6PaZO6/JToEyx4tmc5OljkPSpPXAVjl2oMr8a1xm0wfXUFMjTH2DyD8i5kO5bZlYFvf25 LVONYbYifH5OzZCwIgD/xDehea09OpnwSuobZrrGExMR7eTbBjMGDKI3ijhhJn7Muv/NHXl0o++8 3wM=
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/B-mRJh94Wg5EDFRb2YYd1i6f1Rk>
Subject: Re: [Model-t] draft-thomson-tmi
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2020 14:45:17 -0000

On 7/14/2020 5:44 AM, Eric Rescorla wrote:
>
>
> On Mon, Jul 13, 2020 at 9:33 PM Christian Huitema <huitema@huitema.net
> <mailto:huitema@huitema.net>> wrote:
>
>     On 7/13/2020 5:25 PM, Martin Thomson wrote:
>
>>     On Mon, Jul 13, 2020, at 18:55, Vittorio Bertola wrote:
>>>     I think that this really depends on who you are and how you see the 
>>>     world. There are people who are more afraid of the endpoints, given how 
>>>     hard it has become to be able to know and choose who you (the 
>>>     applications and devices you use) communicate with - so these people 
>>>     would like to become intermediaries, or install intermediaries, to 
>>>     regain control of their communications. 
>>     I did not claim that this was addressing all of the problem.  I agree that not being able to trust endpoints that you bought and are responsible for maintaining is a real problem.  I disagree with the idea that more intermediation is any sort of solution.
>
>     Yes. There is a privacy argument that it is important to be able
>     to inspect what comes out of the device, in order to shine a big
>     light on possible privacy abuses. There are also two classes of
>     counter arguments: first, that weakening the data protection of
>     these devices plays in the hands of a variety of bad actors; and
>     second, that in the case of competent device makers, inspecting
>     the traffic won't reveal much.
>
>     Take the example of a cloud-backed security camera. Inspecting the
>     traffic will show that it is sending streams of video images to
>     the cloud service. That won't be a surprise, because that's
>     exactly what the device is sold for: send the images to a remote
>     service, so the users can check the security of their home from
>     their cell phone in the office. At the same time, just knowing
>     that will not tell you that the images are harvested to feed a
>     facial recognition database, or that they are made available to
>     the police. That kind of abuse happens in the back end. And yes,
>     there are real life examples of door-bell cameras doing exactly
>     that. And of course we could define the same scenarios for
>     thermostats, light bulbs and many more.
>
>     Asking the device makers for a way to inspect their traffic of
>     such devices won't give you much, and the back doors required for
>     enabling that are almost guaranteed to be abused by hackers. What
>     you really want is some form of control on what happens to your
>     data once they reach the cloud.
>
> I agree that that would be good. Another approach is to have the
> devices be open source so that one can determine what it is they do,
> rather than attempting to reverse engineer it from the traffic.


Open source the software is indeed a good idea but software these days
is only partly on the device. Take the example of the doorbell camera.
If you open source the software, you will verify that what it does is
sending video streams to the cloud. You will not see that the cloud
itself is forwarding the streams to the police, or doing face
recognition and extracting meta-data to document your social graph. If
the problem is in the cloud, the solution has to address the cloud.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email