IETF Logo Mail Archive

Re: [Model-t] model-t@iab.org list description

Ted Lemon <mellon@fugue.com> Sat, 03 August 2019 18:37 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B49E12011E for <model-t@ietfa.amsl.com>; Sat, 3 Aug 2019 11:37:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TS1Yfo-CSPe3 for <model-t@ietfa.amsl.com>; Sat, 3 Aug 2019 11:37:40 -0700 (PDT)
Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com [IPv6:2607:f8b0:4864:20::836]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BF031200D6 for <model-t@iab.org>; Sat, 3 Aug 2019 11:37:40 -0700 (PDT)
Received: by mail-qt1-x836.google.com with SMTP id k10so8124384qtq.1 for <model-t@iab.org>; Sat, 03 Aug 2019 11:37:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=9xZ9ZQSz8F33uOYSAFxHJ1GTVf0Svupchum8j+0gSv4=; b=LiaDGx3/X9U5mSGfz9qSdPbbse65YbYeOE2B8/4ignCZo2NhSHH6Y8DgPRBvPdq2Pm sO7mAQvjhmSCbP1h3Dl/fKdv1h9BjUiWR/Ly6JHIzeUjf9Qvq2Bf9tH+DtkrJYbj+wOh maFpn9WMQlqiZ0qM8juxY1xWfSeLzBrJ6XilqNsWdoLt8UjGk9uxWSVxbLQ5Peo2xjLr Y/PmfdBIuagGKjwsgMITkHR39tVsXI6NxslgPfk9iDedw+FrEb/gnl2pZDaB8sSSz91Y hYpLNkZYFEqnDJnLWq+yAuE8e7VesLKrsRj7N2S7HXWsdRY3EjoE845VdYyDfrWMl3Qi KdoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=9xZ9ZQSz8F33uOYSAFxHJ1GTVf0Svupchum8j+0gSv4=; b=U4Z4zu4huN4r9COnb87RdMI5Ecqe5h2iJa8wpfkNRz96K4leZrriAHwt8f3EBe72o5 xEucuOMtUs0FQDyEonX81mP59VLZjVe2Hf8h5nc+mvGM1s2ufo01U0R0MzadntL9Htd8 NtM+UJTGEusQ21PfolBAIHHLlSpF0MFwFMs+NAuRG07lURYPOpe2tF2F6ZMAUkIVvueR hBRJHty4crKMzu3VdsAC2stjZYsYiMN2wZthjzTGli7tqo5Se9l83X98/SzcjZj2rlKT 2C1xUVi8wCMrXFQF3UopSJjrADsFrrj+Whk1/YgTeOxMzCoSsVccvQw7KxvzOZeZcHZk K26g==
X-Gm-Message-State: APjAAAV3+PcofsgUnv+5mLxbQsFti9lZ7U3l2yiIsWa9caNtrvmW4g7d X81VOnoExMAEQ8V8zWYk6CF5yHEYKf3WTg==
X-Google-Smtp-Source: APXvYqzu9WBowkbj5/tCWZg/hJ42x6FNgzx7lILYRor7PfiMDA0BtAW1A1qKTxQwphWHL98dF+XHwQ==
X-Received: by 2002:ac8:29a4:: with SMTP id 33mr97794837qts.1.1564857459395; Sat, 03 Aug 2019 11:37:39 -0700 (PDT)
Received: from [10.0.30.11] (c-73-186-137-119.hsd1.ma.comcast.net. [73.186.137.119]) by smtp.gmail.com with ESMTPSA id x2sm33358801qkc.92.2019.08.03.11.37.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 03 Aug 2019 11:37:38 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-CBE7DDF5-B9C0-4B4C-8978-5143C8E769FE"
Mime-Version: 1.0 (1.0)
From: Ted Lemon <mellon@fugue.com>
X-Mailer: iPhone Mail (16G77)
In-Reply-To: <52BAC141-CB25-4072-B556-6325912F1ADD@gmail.com>
Date: Sat, 03 Aug 2019 14:37:38 -0400
Cc: Jim Fenton <fenton@bluepopcorn.net>, model-t@iab.org
Content-Transfer-Encoding: 7bit
Message-Id: <40A8E8F0-ACF7-40DA-BE78-58483751FBB4@fugue.com>
References: <c3a112ba-baab-1cb0-97ad-21ff9999a637@cs.tcd.ie> <29756028-95f1-e6e5-b3ea-562cbc635df0@sandelman.ca> <5ef15ad2-5b20-e871-0d01-17cf906051c1@cs.tcd.ie> <22633.1564768705@localhost> <e7c02d44-353f-406c-818e-06a2e49ee212@www.fastmail.com> <5879878A-7CEA-4030-BB72-108CC4122719@gmail.com> <d253231a-d35d-e7c9-e3ae-5c7d7915566e@bluepopcorn.net> <06F0AE14-4413-4022-A804-C1B58E2702CE@fugue.com> <52BAC141-CB25-4072-B556-6325912F1ADD@gmail.com>
To: Bret Jordan <jordan.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/FpRqeuSU7Hz7Q0a_d8FPJGOiod0>
Subject: Re: [Model-t] model-t@iab.org list description
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Aug 2019 18:37:44 -0000

Bret, I appreciate that this is a special area of technical expertise and that it has a domain-specific vocabulary. That is what the word “jargon” means. 

The reason I raised this concern is not that I can’t go out and learn this jargon. It’s that if the goal of this effort is to help the IETF to do a better job of reasoning about threats, the IETF has to be able to understand the output. 

There is already great work going on in this space amongst the experts. If this is to just be another such effort, I don’t think it will accomplish your stated goals.  So I’m being deliberately pedantic here because I would like to see the output of this effort actually change how the IETF reasons about threats. That’s going to require some foundational documents. The fact that you didn’t point me at an RFC or draft to answer my question tells me that I’m not wrong to be concerned. 

Sent from my iPhone

> On Aug 3, 2019, at 1:39 PM, Bret Jordan <jordan.ietf@gmail.com> wrote:
> 
> Ted,
> 
> This is not jargon, this is the language that is used in this space. If we are going to write a document or come up with text to help improve a document that deals with this domain, then we should probably know and understand the domain. Attacks against network connected devices (endpoints, network equipment, IoT devices, etc) are all in scope.  So when we work on designing solutions for interconnected systems, we need to understand this space.  Designing technologies without taking this space into consideration is very problematic.  
> 
> We have many in this group that work in this space and have very detailed knowledge of it.  If you have specific questions, I am sure many of us would be willing to help fill in the gaps.  
> 
> IMO, the key to our work is to help improve the IETF’s understanding of risks, threat actor TTPs, attack surface, etc.  This space has evolved a lot recently, and has definitely changed since 3552 was first written.  Further, given the upcoming market shift to 5G enabled devices and its changing attack surface, this work is prudent at this time.  Gone are the days of “Escargot Model” (a term I started using back in the late 80s / early 90s) of security. 
> 
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
> 
>> On Aug 3, 2019, at 11:12 AM, Ted Lemon <mellon@fugue.com> wrote:
>> 
>> Yes. It would also be good to avoid domain-specific jargon. Presumably the goal here is to provide something of value to the whole community, not something that only people who are familiar with a very specific vernacular can use. 
>> 
>> Of course, I might be mistaken about the intended scope of this work, so if this sounds wrong it would be good to get consensus on that. 
>> 
>> Sent from my iPhone
>> 
>>>> On Aug 3, 2019, at 12:52 PM, Jim Fenton <fenton@bluepopcorn.net> wrote:
>>>> 
>>>> On 8/2/19 9:24 PM, Bret Jordan wrote:
>>>> 
>>>> To borrow your words…  “If we are going to take security seriously”…
>>>> we need to understand and document the full attack surface.  So let
>>>> us start listing them out.  Here are four.
>>>> 
>>>> 
>>>> Attack: Active remote attack
>>>> Exposure: Full compromise of system and data
>>>> Client Knowledge: Potential indicators may be visible
>>>> Protection Possibilities: Deploy both client and network level protections
>>>> Headwinds: Client based protections are usually inadequate
>>>> Severity: High
>>>> Kill-Chain Phase: Lateral Movement
>>> 
>>> [etc.]
>>> 
>>> Perhaps we need to decide what we consider a threat model to be. I see
>>> Bret's list as a collection of specific attacks (tactics), while I
>>> consider a threat model to be at a higher level than that, e.g., whether
>>> nation-states, or supply chain threats, should be part of that model.
>>> 
>>> When I was working on the draft that became RFC 4686 (DKIM Threat
>>> Analysis), Russ Housley gave me some very good coaching about how to
>>> structure that. He suggested that it should describe:
>>> 
>>> - The nature and location of the bad actors
>>> - What the bad actors' capabilities are
>>> - What they intend to accomplish via their attacks
>>> 
>>> How do we want to define threat model?
>>> 
>>> -Jim
>>> 
>>> 
>>> 
>>> -- 
>>> Model-t mailing list
>>> Model-t@iab.org
>>> https://www.iab.org/mailman/listinfo/model-t
>

v2.23.0 | Report a Bug | By Email