Re: [Model-t] w3c also thinking about threat models

Watson Ladd <watsonbladd@gmail.com> Mon, 23 September 2019 14:52 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D247A12009E for <model-t@ietfa.amsl.com>; Mon, 23 Sep 2019 07:52:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id InDEmW92Jcm9 for <model-t@ietfa.amsl.com>; Mon, 23 Sep 2019 07:52:11 -0700 (PDT)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3197D12006D for <model-t@iab.org>; Mon, 23 Sep 2019 07:52:11 -0700 (PDT)
Received: by mail-lj1-x231.google.com with SMTP id m7so14031470lji.2 for <model-t@iab.org>; Mon, 23 Sep 2019 07:52:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pqndrnmxwejI1ZLP57GjsO4GYEZJAdNA5xOnsoP8g0g=; b=hImCBroc7ug+v5YDcFc1xYROfGl/WSMFK4g/a4Jy2XBy7+snOlkUV4dbBR1UBsg6+2 TQM4vCGICXDxHrIykAqctw7LHVChakebXJc9REQP/visVIEH5Ijml8HLLs9YYnmFiRWG pMxqPHmYv4VJwLNB579AxLAtC0FJZzIJAgCciZgT0hFkYAO1bYFJw5gr8pvuiskqBN8d lj9gMM4AY2i/zfoD8J2JdvnW8jaHPbWLLrJr3891W5pFbGmAwROK81WMGvAGd4ZqF4Et Mw3h0ieoLiPX09LYDaeXUFEEk/LzbM4dh4SPzLHEU5vm9XIeKG+bIgJVdnxRthHiulHv FhNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pqndrnmxwejI1ZLP57GjsO4GYEZJAdNA5xOnsoP8g0g=; b=YpBduwe2EPlbUhPnwC53UYfN//Sl+5GbEQfUpJAAUt+u1pDnnJ2b3caGx3X91UnN43 AN29pexfQrieLhBLgqRrRj7sbJhkx6XzHW+iDHV9Gr0qdKqK41KphPjIarc0q53M8sLT hzLozOR+5kxNkyR6Um3z5Nx0w7HCZaX/JEM5E0Mm2PO1JkRAlnYNkCS2Wap2h0FnPH26 mf8EIv9oQl/OSVOP8hJirkCntMePmAsOuzWUrjcAUFqzykEiR3VIYLTyycFJN702cLZG z5CCx0OiFIw6d4oCq7XxqPEts5DvbNH7eNz5bHqqbm8kq5TqjjhGd6X94Nh9i7ChQvM4 +Gmw==
X-Gm-Message-State: APjAAAWOUyAeMK5wIvlsRwFa5zAmWE2AmQco3o1g07J0/AbEouwAvi4l sxWEuNn1hqkiHVp+6ogDvIdb+jq3FIxbz5SS02U=
X-Google-Smtp-Source: APXvYqw3WejWH/A4K1AVUOq40kNhVhwUVFiipYlvKmGILgNyFxmQ10cGweXO6nZmmDC5y6Tf66xcWV4PMSppaC5xSH8=
X-Received: by 2002:a2e:85d2:: with SMTP id h18mr1595453ljj.18.1569250329240; Mon, 23 Sep 2019 07:52:09 -0700 (PDT)
MIME-Version: 1.0
References: <a327c668-6a17-bb9f-318e-e3cea6c6c1d0@cs.tcd.ie> <624F4CA6-8D84-4BD8-A74C-E5AE22709F72@lastpresslabel.com> <A30308F8-D2A5-45CF-88D9-D65240972D51@gmail.com> <27c70832-a631-4622-6119-3a47928c634e@cs.tcd.ie> <49EC2254-981B-4B79-9116-AC24385C2287@gmail.com>
In-Reply-To: <49EC2254-981B-4B79-9116-AC24385C2287@gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 23 Sep 2019 07:51:54 -0700
Message-ID: <CACsn0cnT9nNKzAb7bewuSUPE=u=rocDpzbkOgrqXAZ+iGf+TUw@mail.gmail.com>
To: Bret Jordan <jordan.ietf@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Dominique Lazanski <dml@lastpresslabel.com>, model-t@iab.org
Content-Type: multipart/alternative; boundary="00000000000070282c0593399085"
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/Cd9Q5CdE-JlXWrGQXw763zdtk94>
Subject: Re: [Model-t] w3c also thinking about threat models
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 14:52:14 -0000

On Mon, Sep 23, 2019, 7:41 AM Bret Jordan <jordan.ietf@gmail.com> wrote:

> > the web has a reasonably worked out security model
>
>
> Given how nearly all attacks, campaigns, malware, and intrusion sets use
> the web or software connecting to the web to either compromise victims,
> exfiltrate personal or private information from victims, or destroy
> victims’ information I think one could easily argue that your statement
> that there is "a reasonably worked out security model" is false.
>

An RCE vulnerability due to memory safety issues isn't a a result of not
thinking about the security model.


>
>
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
> can not be unscrambled is an egg."
>
> On Sep 20, 2019, at 2:01 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
>
> On 20/09/2019 18:48, Bret Jordan wrote:
>
> Yes, privacy is just one facet.
>
>
> Sure, it's clearly true that privacy is not everything
> in the IETF context, nor in w3c either. I guess the
> argument for putting more focus on privacy in w3c might
> be that the web has a reasonably worked out, (even if
> imperfect) security model (the SOP etc), but that the
> web has been pretty awful for privacy. Well, that's an
> argument I'd make, not sure if the people involved in
> the w3c work would:-)
>
> S.
>
>
>
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
> can not be unscrambled is an egg."
>
> On Sep 20, 2019, at 11:12 AM, Dominique Lazanski <dml@lastpresslabel.com>
> wrote:
>
>
>
> On 20 Sep 2019, at 11:26, Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
>
>
> Hiya,
>
> Hope we all had a nice summer break from this
> discussion, but I'd like to try see if we can
> get back at it, so I've added reviewing the
> various drafts folks have posted to my todo
> list - I hope to send some comments/reviews
> in the next week-ish.
>
> In the meantime, it looks like w3c are also
> thinking about threat models [1] which is
> interesting.
>
> Cheers,
> S.
>
>
> Thanks for kick starting this list again especially after the summer!
>
> Interesting W3C work, but I would add that they are only looking at
> privacy threat models so they have that covered. Perhaps we should look at
> system security threat models since W3C has kicked off their work
> specifically on privacy. That way we can be more holistic about the work.
>
> Looking forward to the discussions.
>
> Dominique
>
> --
> Model-t mailing list
> Model-t@iab.org
> https://www.iab.org/mailman/listinfo/model-t
>
>
>
>
> <0x5AB2FAF17B172BEA.asc>
>
>
> --
> Model-t mailing list
> Model-t@iab.org
> https://www.iab.org/mailman/listinfo/model-t
>