Re: [Model-t] What are we trying to protect

Christian Huitema <huitema@huitema.net> Mon, 05 August 2019 15:12 UTC

To: Bret Jordan <jordan.ietf@gmail.com>
Cc: Ted Lemon <mellon@fugue.com>, Eric Rescorla <ekr@rtfm.com>, Dominique Lazanski <dml@lastpresslabel.com>, model-t@iab.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/ECAEWcSGw1Zem-UVvIXx0o1rL6o>
> On Aug 5, 2019, at 7:07 AM, Bret Jordan <jordan.ietf@gmail.com> wrote:
> 
> I fully get that many here do not understand the attack lifecycle at the same level or understand what an intrusion set is and how that relates to threat actor techniques, tactics, and procedures (or their modus operandi). I also know that most here probably do not track threat actor activity. But some of us do. We need to bring some of this knowledge and expertise into the IETF to help ensure that we design things that improve overall security for end users on the internet.

I am sure that some of us do understand the struggle against progressive penetration of organizations' networks and the eventual looting of customer data and corporate secrets. On the other hand, the IETF is not going to opine on specific techniques like isolation of credentials or monitoring Active Directory servers, or on the signal-to-noise ratio of intrusion detection systems. I want to wait until we have an actual list of goals and assets, but I suspect that we will need limits.

Some things might be in scope, though. Many of the penetration attacks start with phishing campaigns, using either web access or email. And SMTP is probably in scope. But phishing through social networks would not be.

-- Christian Huitema