Re: [Model-t] What are we trying to protect
Thomas Hardjono <hardjono@mit.edu> Wed, 07 August 2019 00:38 UTC
Return-Path: <hardjono@mit.edu>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 059971200B3 for <model-t@ietfa.amsl.com>; Tue, 6 Aug 2019 17:38:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OQ1GDDyVN6X8 for <model-t@ietfa.amsl.com>; Tue, 6 Aug 2019 17:38:12 -0700 (PDT)
Received: from outgoing-exchange-3.mit.edu (outgoing-exchange-3.mit.edu [18.9.28.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C65C1200BA for <model-t@iab.org>; Tue, 6 Aug 2019 17:38:12 -0700 (PDT)
Received: from oc11exedge2.exchange.mit.edu (OC11EXEDGE2.EXCHANGE.MIT.EDU [18.9.3.18]) by outgoing-exchange-3.mit.edu (8.14.7/8.12.4) with ESMTP id x770cqiv010485; Tue, 6 Aug 2019 20:38:53 -0400
Received: from oc11expo23.exchange.mit.edu (18.9.4.88) by oc11exedge2.exchange.mit.edu (18.9.3.18) with Microsoft SMTP Server (TLS) id 15.0.1293.2; Tue, 6 Aug 2019 20:38:21 -0400
Received: from oc11expo23.exchange.mit.edu (18.9.4.88) by oc11expo23.exchange.mit.edu (18.9.4.88) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Tue, 6 Aug 2019 20:38:09 -0400
Received: from oc11expo23.exchange.mit.edu ([18.9.4.88]) by oc11expo23.exchange.mit.edu ([18.9.4.88]) with mapi id 15.00.1365.000; Tue, 6 Aug 2019 20:38:09 -0400
From: Thomas Hardjono <hardjono@mit.edu>
To: Ira McDonald <blueroofmusic@gmail.com>
CC: "model-t@iab.org" <model-t@iab.org>
Thread-Topic: [Model-t] What are we trying to protect
Thread-Index: AQHVTKARMPvYR1mv10m+AYM7i0MFwqbvF6MAgAACjIA=
Date: Wed, 07 Aug 2019 00:38:09 +0000
Message-ID: <061F959D-CA86-46BD-BFE1-4CF8024E7F8D@mit.edu>
References: <4a2324dfd4ba4780a18bcb3f3db7f7de@oc11expo23.exchange.mit.edu> <CAN40gSsibQDrs8yDUYP59U+ume-MMwUpiQ_q0F6t27vQEOt+qw@mail.gmail.com>
In-Reply-To: <CAN40gSsibQDrs8yDUYP59U+ume-MMwUpiQ_q0F6t27vQEOt+qw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_061F959DCA8646BDBFE14CF8024E7F8Dmitedu_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/LPVYniem7iQHi8-xLAwyRYuX3v8>
Subject: Re: [Model-t] What are we trying to protect
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 00:38:16 -0000
Hi Ira, I’m familiar with NEA — NEA & TNC (and NAP & NAC) are relatively recent. I’m talking about the majority of RFCs coming out of the Security Area since the mid-1990s. This was a core part of the End-to-End Principle (e.g. key management and handling of keys at the edges, out side the scope of the IETF). /thomas/ ___________________________________ On Aug 6, 2019, at 8:24 PM, Ira McDonald <blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>> wrote: Hi, I disagree with this characterization of the IETF's historic interest. IETF NEA (built on contributed TCG TNC protocols) is *all* about the security and health of endpoints. And IETF NEA is now being leveraged heavily in IETF SACM for that very reason. SACM is of course *mostly* about the security and health of endpoints and only incidentally about middleboxes. Cheers, - Ira Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted Mobility Solutions WG Co-Chair - TCG Metadata Access Protocol SG Chair - Linux Foundation Open Printing WG Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG IETF Designated Expert - IPP & Printer MIB Blue Roof Music / High North Inc http://sites.google.com/site/blueroofmusic http://sites.google.com/site/highnorthinc mailto: blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com> PO Box 221 Grand Marais, MI 49839 906-494-2434 On Tue, Aug 6, 2019 at 5:45 PM Thomas Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>> wrote: >>> 1) Attacking the system directly. >>> 2) Delivering an attack through a user-initiated session or exfiltrating data through said session >>> 4) Passive monitoring of all traffic >>> 5) Monitoring and tracking all user's traffic inside their session. Historically the IETF has focused on protocols and communications security. This was an explicit choice/decision of the IETF community in the mid-1990s. So, all the protocols we have (ISAKMP, IKE, IPsec, TLS, etc.) have addressed a threat model that was focused on the communications channel. The security of the end-point, such as a Client or device, was out of scope (until now, I guess, depending). If the IETF’s scope is going to be expanded, I’d suggest the IETF developing an abstraction model and terminology that helps discussion. Otherwise we end up boiling the ocean with too many words, use-cases and scenarios. At the Montreal SAAG meeting I mentioned the term end-point “state”. One way to map the above list of threats would be to express it abstractly in terms of state and the protection of state information/data. So, the above list could be mapped to something like this: (i) Unauthorized modification of end-point state. (i.e. attacking a client OS.). (ii) Unauthorized exfiltration of end-point state information (i.e. exfiltration of data, both system-data and user-data, from a machine). (iii) Malicious substitution of state in transit (i.e. hi-jacking a connection and doing a MITM). (iv) Unhindered reporting of end-point state information (i.e. authentic reporting from a MIB in a device). You get my point. It’s no longer just about protection of the communication channel and transport protocol resiliency. It’s now about the “stuff” at the end of the channel. — thomas — -- Model-t mailing list Model-t@iab.org<mailto:Model-t@iab.org> https://www.iab.org/mailman/listinfo/model-t
- [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Michael Richardson
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Joseph Lorenzo Hall
- Re: [Model-t] model-t@iab.org list description Michael Richardson
- Re: [Model-t] model-t@iab.org list description Martin Thomson
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Eric Rescorla
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Jim Fenton
- Re: [Model-t] model-t@iab.org list description Ted Lemon
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Christian Huitema
- Re: [Model-t] model-t@iab.org list description Watson Ladd
- Re: [Model-t] model-t@iab.org list description Carsten Bormann
- Re: [Model-t] model-t@iab.org list description Ted Lemon
- [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Watson Ladd
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Ted Lemon
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Ted Lemon
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Christian Huitema
- Re: [Model-t] What are we trying to protect Ted Lemon
- [Model-t] Primer Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Christian Huitema
- Re: [Model-t] Primer Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Thomas Hardjono
- Re: [Model-t] What are we trying to protect Ira McDonald
- Re: [Model-t] What are we trying to protect Thomas Hardjono
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Thomas Hardjono