Re: [Model-t] draft-arkko-farrell-arch-model-t-00

Christian Huitema <huitema@huitema.net> Wed, 13 November 2019 20:59 UTC

References: <38EB9353-06DF-47A5-9BEE-D9CCA8402600@lastpresslabel.com> <207D09B7-7CB0-400B-B955-A614BBBFDBA4@gmail.com> <79e01647-2516-3b79-6144-6fb2ca8dec8d@cs.tcd.ie> <C59ABF09-6A9F-4C76-B641-87AA20BBFC61@lastpresslabel.com> <aad261c5-cb38-f0a5-cb23-36fbc317c2b6@cs.tcd.ie> <AD7336CD-1CC1-4BAE-9334-6325D13CB740@lastpresslabel.com> <057991b6-bbbd-387c-1998-8cb69c80c10e@cs.tcd.ie> <ea021a1b-e3b8-4830-9eb9-2ca9c12aea8b@www.fastmail.com> <a8eeb252-7fb5-4b60-5c4b-adc64ef8ff97@cs.tcd.ie> <F7DD6627-2E61-4A4A-8400-F650DEA78DAB@gmail.com> <947e5538-c1b4-854c-f812-979d6dd6bde5@cs.tcd.ie>
To: model-t@iab.org
From: Christian Huitema <huitema@huitema.net>
Message-ID: <905a5d56-3fca-32cc-0028-d356474f1545@huitema.net>
Date: Wed, 13 Nov 2019 12:56:59 -0800
In-Reply-To: <947e5538-c1b4-854c-f812-979d6dd6bde5@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/OiLCxNA4kH7cdgARynpoD_DlblY>
Subject: Re: [Model-t] draft-arkko-farrell-arch-model-t-00
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>

Doing my prep work for the meeting in Singapore, I have been reviewing
draft-arkko-farrell-arch-model-t-00. I think this is a very good
framework for the discussion, which does reflect the discussions in the
IAB prior to launching the "model T" effort. I have a couple of nits
that I would like to see fixed, and I will list them later. But first, I
would like to point out the differences with
draft-lazanski-smart-users-internet-00.

Draft-arkko-farrell-arch-model-t-00 addresses many of the threats
discussed in draft-lazanski-smart-users-internet-00, including efforts
to delineate what we should really mean by end-to-end. There are
differences in tone, as Lazanski's draft reads more like an advocacy for
different classes of defense, but beyond the difference in tone there is
an important difference in focus on threats against businesses, botnets,
and persistent actors.

I think the threat model should try to integrate some of these threat
descriptions. Botnets are so common that they probably deserve their own
section in the next version of draft-arkko-farrell-arch-model-t, looking
at how these things are built, what they are used for, and how better
security could, if not prevent their formation, at least make them easier
to detect and demolish. Similarly, attacks against enterprise networks
probably deserve their own section, including how they are used for
ransomware, DDOS or spying, how they progress over time, and how the
enterprise can detect and mitigate attacks in progress -- probably with
a mention of the "kill chain".

Some of the enterprise attacks are facilitated by poor security postures
inherited from the early Internet development. The worst offender is
probably the classic domain-based defense, "soft on the inside, crunchy
on the outside". Draft-arkko-farrell-arch-model-t addresses some of
that, but could be more forceful.

I understand that there is a tension between describing the attacks and
securing the Internet. Combating botnets or persistent threats requires
monitoring system behavior and flagging anomalies. Some of the current
tools do that by monitoring clear text parts of the traffic. These tools
are threatened by advances in end-to-end security that also contribute
to hiding the bad actors. There is a natural tendency by some
practitioners to block the end-to-end security advances in order to
preserve their existing tools. We don't want to reinforce that line of
argument, but we need to discuss it and delineate the alternatives.

As for the nits in draft-arkko-farrell-arch-model-t-00, I noted that in
the basic guidelines section (4.1), the draft says:

 3.  Perform end-to-end protection via other parties:...

The paragraph actually explains the dangers of involving third parties
when performing end-to-end protection. I think it would be clearer to
state that in the headline, as in "Minimize reliance on third parties
for end-to-end protection".

The additional guidelines section has a paragraph about greasing. I
wonder whether greasing really is a security function, or something
else. I don't see the case for greasing made in the observations section
(2). You should either make it, or not mention greasing.

-- Christian Huitema