[Model-t] Model-t Perspective and Method Questions
"Rezaki, Ali (Nokia - DE)" <ali.rezaki@nokia.com> Wed, 23 October 2019 14:43 UTC
Return-Path: <ali.rezaki@nokia.com>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89B721200E6 for <model-t@ietfa.amsl.com>; Wed, 23 Oct 2019 07:43:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P43M9q0c22GB for <model-t@ietfa.amsl.com>; Wed, 23 Oct 2019 07:42:59 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50118.outbound.protection.outlook.com [40.107.5.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7F25120822 for <model-t@iab.org>; Wed, 23 Oct 2019 07:42:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gmuY/LZFORyISZJsVbb6O8397nkPQIYTtQh2HH0NAXfUncOCDEenTmAnj4NC5oceAJuBY9Yvm7M87Hfdk2SxM3DKua7HDT78jnE9S6zzmUP+WPWWOoYKyo9/o9MdH4aXr3WYsP6NWdNpMaXDGM6FqiF1ggC4XLrJk34SzydiozhhckdZX9cpikNtJYVzZBLhEN87Fh2Q+HcZAqpOuZpZngLoENXqLG+DXDVSTWXIP2f03R+/I6yRvYpBzrI0JYRUTBZLNcURUtjDCgNZ+qwN2lH4+aqFNf/Y1DR0JJcNQ/fEa/B3i7BQB8f7ZxbsX7oGbVmxGPL/VIv4el38XVwX5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0kFldc3OAuP5FRkXg6XZCZEiHjKO1ed+DeQ1Bm1VIlk=; b=L3/q+jjEyXG7kjWfY9fsjz5+ZaNF2NwOtjvLG12pFGRPw31GPsM+5gk0iUGJYA8V9Kg+1JJH/tjj7/119iz8ktEPiqkDxvIfQJXmteZjCqd2XgwZCULaENINEgICe4hYfR+R6LZkBgWSoBF/pfn2rF8QU6P0XeJwS+4F/uxBsMf/nf3Wc3FoAmI2O5yWHS9EeHzfpjRLWKz9f6gge0a2FW50TgHPJ3FttXRSgFME6aA0vPJ6D8iva41lEaU+S4VF0jOAnQjdxWz/w/5EZO2CWxK8bkPYUKATf0Hs54rkpr07yigpF/3/fxzKZxX/83sIGSsrB8KUdU8ibttEoXPrHw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0kFldc3OAuP5FRkXg6XZCZEiHjKO1ed+DeQ1Bm1VIlk=; b=abcYvtz/Kjy6BitCWPmwKjwo8CL39PrU1XWWTu5QeZWxT/m1t5IiCbT6JTQw+vhhiTmaWnl6Gp1645ZRnGs2FfOVHsEBCakDo4jEba2dgH2rpNTz5EfgtqN+wkMM0Ux8JuCnRI3moyvjIqSAc/zFCswPMdabFqJXqfKgqm+lF3E=
Received: from HE1PR0701MB2953.eurprd07.prod.outlook.com (10.168.95.140) by HE1PR0701MB2218.eurprd07.prod.outlook.com (10.168.30.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.14; Wed, 23 Oct 2019 14:42:55 +0000
Received: from HE1PR0701MB2953.eurprd07.prod.outlook.com ([fe80::156d:cafe:dc0d:c613]) by HE1PR0701MB2953.eurprd07.prod.outlook.com ([fe80::156d:cafe:dc0d:c613%3]) with mapi id 15.20.2387.016; Wed, 23 Oct 2019 14:42:55 +0000
From: "Rezaki, Ali (Nokia - DE)" <ali.rezaki@nokia.com>
To: "model-t@iab.org" <model-t@iab.org>
Thread-Topic: Model-t Perspective and Method Questions
Thread-Index: AdWJrkVpsio8zy3WTn2tQl85jfl9wA==
Date: Wed, 23 Oct 2019 14:42:55 +0000
Message-ID: <HE1PR0701MB2953A82FC4D71E30A5AA9FB8936B0@HE1PR0701MB2953.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ali.rezaki@nokia.com;
x-originating-ip: [131.228.32.165]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 41710e07-eb4e-49cd-5589-08d757c74aa2
x-ms-traffictypediagnostic: HE1PR0701MB2218:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <HE1PR0701MB221841AE159D468C0C57B7E8936B0@HE1PR0701MB2218.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 019919A9E4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(136003)(346002)(396003)(39860400002)(199004)(189003)(6436002)(2351001)(2906002)(7696005)(3846002)(25786009)(81166006)(33656002)(102836004)(8936002)(55016002)(99286004)(9686003)(6506007)(5640700003)(8676002)(6116002)(71190400001)(71200400001)(81156014)(186003)(2501003)(476003)(74316002)(486006)(26005)(305945005)(7736002)(86362001)(66574012)(316002)(14444005)(256004)(14454004)(5660300002)(52536014)(478600001)(66066001)(66446008)(66476007)(6916009)(76116006)(66946007)(64756008)(66556008); DIR:OUT; SFP:1102; SCL:1; SRVR:HE1PR0701MB2218; H:HE1PR0701MB2953.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6q/BA/uH0qzPgZ0k5c+Kv73kESCPCt9UTfIjOS67Yrabh9RVeHSIZwrl5lCfcLuOqKtxcoaCPqUEBYeCbrbLn4RJ4DSozCWsVTLoi7FUsFQ75SASy9eaAQtTf/MiAE3h61SsUyZM7gJ8jF1z5mP2Q50ZgJPkYnzHmvYVpPrK4kqwu3Yqh64CYsy3Q9hEwJXbnAbjnD2byOgQrRYvhxNeaXybObJ5OCdgYFXK7VCxAFHgA/b5NQWs54ugTLKZc8IG3HohCoFiHurkKO3ljYgVkFTx5xcelhEZ8vNxkRXLzckq5UqA9J6znrDUEXr3QDKl3sg51kWHkUhQA5d+MwzgzSDZlJr+cpx8QYxV+X16mLyIqBKUKMfr2NgVh2s1uAfQSitE68mdDQ5jUNfuoVn+vHPhLbtRwJrl6Vc+fi67kWaA3ywzD2lkN6hrebqUko3V
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 41710e07-eb4e-49cd-5589-08d757c74aa2
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Oct 2019 14:42:55.7186 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: xurkU8PPbuGv6Ef7Rlk9pT/9tC6iJDn08ERLb53Cdoyilb5LYG6FQ/f49MlX2UitIG8Low5Vt090ER4VcQtglQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2218
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/J8g3WcbqK3ma_tREXu-ZVoYTPVg>
Subject: [Model-t] Model-t Perspective and Method Questions
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2019 14:43:01 -0000
Hello! This is a short contribution about the perspective and method of the Model-t efforts, informed by the drafts submitted to the recent IAB DEDR workshop and the discussions so far on the Model-t mailing list: Starting from the basics of BCP 72, would it be fair to say that BCP 72 helps RFC authors to determine the security risks for users of the protocol content they are producing? BCP 72 does this by providing a catalog of threats that communications and systems could face and asks the RFC authors to design protocols without vulnerabilities that could be exploited by these threats, thereby avoiding the associated risks. Any residual risks due to unmitigated vulnerabilities are to be documented as part of the “Security Considerations” section. BCP 72 informs RFC authors of the threats they should consider. It includes an Internet threat model and definitions. Definitions and assumptions of end-systems and the communications channel between them play a key role in the resulting threat model. BCP 72 assumes that end-systems are generally uncompromised while the communication channel between them most likely is. A question for the Model-t discussion is: has the threat landscape changed significantly enough, to warrant the creation of a new Internet threat model, so that this can be used to inform RFC authors, enabling them to mitigate vulnerabilities in their protocols that could otherwise be exploited by these new sets of threats. As the definitions of end-systems and communication channels play a central role in BCP 72, it is worthwhile to see what changes happened in these domains over the years. For example, the protocol stacks of end-systems are significantly affected by the interplay among roots-of-trust, increased number of virtualized layers and applications such as browsers, with which most of the services used on and between the end-systems and over the Internet and in the cloud are accessed - and often using E2E encryption. Considering these changes, where would an end-system begin and a communication channel end? How are these changes co-existing with the end-to-end principle? Do these developments change the definitions used in BCP 72 and the associated assumptions, also impacting the vulnerabilities and threats accounted for in existing IETF protocols? To make things more concreate, it might be helpful if examples could be given of attacks that exploited vulnerabilities in IETF protocols that could not have been prevented by the current threat model in BCP 72. Cases where an updated BCP 72 could address a previously unaccounted for threat and enable the mitigation of a vulnerability and risk in an IETF protocol would have a clear significance for Model-t efforts and would help define criteria for potential changes. If RFC’s had vulnerabilities since they did not take BCP 72 recommendations into account, that’s a different lesson outside of Model-t scope. Vulnerabilities resulting from specific implementation failures not found in the RFC specs would also be excluded. The IETF protocols already created and being worked on give a rather well-defined scope to this effort. Beyond making IETF protocols less vulnerable, IETF security community also has the aim of creating security protocols to make Internet communications, processes and assets less vulnerable, as seen with the work on TLS versions over the years, among others. The perceived threat model would have a bearing on what security measures are being developed at the IETF. These security measures would also be in areas already being covered by IETF work. For example, in the case of TLS, IETF had already been developing Transport Layer protocols and securing the Transport Layer was also within that scope. This also follows from the horizontal nature of security, where area specific vertical expertise is needed to create effective security mechanisms. Therefore, if IETF has been working on topics in a specific area, it would also be in a good position to mitigate the vulnerabilities emerging from that area. In this respect, the security threat model discussion would be informed by any IETF-wide strategy on scope and coverage of IETF work. Has the scope of IETF work been evolving and if so, is there a set of criteria used? For example, would it be helpful to give a perspective on how IETF started working groups such as TEEP, RATS and SUIT, which seem to have additional benefits for securing end-systems beyond their relation to communications security? If this perspective would make sense, would it be helpful then to initially work on: 1. Examples of attacks that exploited vulnerabilities in IETF protocols that could not have been prevented by the current threat model in BCP 72, and in what way the threat model in BCP 72 could be modified to address these vulnerabilities? 2. Requesting information from related IETF contributors about a map of areas that IETF considers to be in scope for its work, and its evolution over the years, also identifying the underlying principles? Looking forward to feedback and discussions here and at IETF 106 in Singapore. Thanks very much for your attention. Cheers, Ali
- [Model-t] Model-t Perspective and Method Questions Rezaki, Ali (Nokia - DE)
- Re: [Model-t] Model-t Perspective and Method Ques… Stephen Farrell
- Re: [Model-t] Model-t Perspective and Method Ques… Rezaki, Ali (Nokia - DE)