Re: [Model-t] Review of draft-thomson-tmi

Martin Thomson <mt@lowentropy.net> Thu, 09 December 2021 05:44 UTC

Message-Id: <1b002d17-04a8-44fa-a43b-025b77265a1d@www.fastmail.com>
In-Reply-To: <A473106B-6FC2-46E6-BEE1-8283E024A748@piuha.net>
References: <F2034CB3-D829-4C50-BC84-A89DE360FF7E@piuha.net> <1793552336.53819.1638947644889@appsuite-gw1.open-xchange.com> <CACsn0c=pKw6YpEVFC5Tw-h7YUD=BavvQFs3+qbaUZpjNWNs-pQ@mail.gmail.com> <A473106B-6FC2-46E6-BEE1-8283E024A748@piuha.net>
Date: Thu, 09 Dec 2021 16:44:03 +1100
From: Martin Thomson <mt@lowentropy.net>
To: model-t@iab.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/GDIhe4evFjo6KF3HajiwjKp0PbA>
Subject: Re: [Model-t] Review of draft-thomson-tmi
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>

On Thu, Dec 9, 2021, at 01:21, Jari Arkko wrote:
> *) That we don’t have 100% trust can be for many reasons, either due to 
> potential attacks, lack of protection in the endpoints, or merely 
> differing interests. Often all three :-)

This "do you trust me?" view is something I think we're all agreeing about.  That is, trust is not Boolean; it should be contextual, purposeful, and limited in scope.  When it comes to protocol design, this is generally all we can say.

To some extent, I despair that we have to write down something like the data minimization principle.  But Mozilla had to [1] and we're considered a pioneer in that regard.  From a security perspective, it's an application of the principle of least privilege that I see being routinely ignored.  We should not judge the inclusion of new data on the basis that it might be useful.  We should maintain a higher standard.

QUIC was, I think, an example of that.  In the extreme, the spin bit is perhaps the most well-justified bit in any protocol (RFC 3514 being a possible exception), but that general design ethos was applied throughout and that had benefits in terms of efficiency and simplicity [2] as well as security.

Jari's draft goes further than I think is necessary - something I'll send a separate mail on - but I do think that a document on minimization could be a valuable contribution to the literature.


[1] https://www.mozilla.org/en-US/about/policy/lean-data/
[2] Yeah, it's hard to say that QUIC is simple, but it could have been MUCH worse.