Re: [Model-t] draft-thomson-tmi
Christian Huitema <huitema@huitema.net> Wed, 22 July 2020 01:14 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA7023A07A2 for <model-t@ietfa.amsl.com>; Tue, 21 Jul 2020 18:14:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f5M29-2sg-bJ for <model-t@ietfa.amsl.com>; Tue, 21 Jul 2020 18:14:03 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3BA83A078C for <model-t@iab.org>; Tue, 21 Jul 2020 18:14:02 -0700 (PDT)
Received: from xse423.mail2web.com ([66.113.197.169] helo=xse.mail2web.com) by mx128.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1jy3KY-000Wkz-ES for model-t@iab.org; Wed, 22 Jul 2020 03:13:59 +0200
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4BBHXz3srQz2DPv for <model-t@iab.org>; Tue, 21 Jul 2020 18:13:55 -0700 (PDT)
Received: from [10.5.2.15] (helo=xmail05.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1jy3KV-0001UL-Ck for model-t@iab.org; Tue, 21 Jul 2020 18:13:55 -0700
Received: (qmail 30849 invoked from network); 22 Jul 2020 01:13:55 -0000
Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.134]) (envelope-sender <huitema@huitema.net>) by xmail05.myhosting.com (qmail-ldap-1.03) with ESMTPA for <model-t@iab.org>; 22 Jul 2020 01:13:55 -0000
To: Watson Ladd <watsonbladd@gmail.com>, Carsten Bormann <cabo@tzi.org>
Cc: Eric Rescorla <ekr@rtfm.com>, Mirja Kuehlewind <ietf@kuehlewind.net>, Martin Thomson <mt@lowentropy.net>, model-t@iab.org
References: <422978b2-028d-48e1-85ed-ddaa36e36052@www.fastmail.com> <1164022876.4302.1594630518489@appsuite-gw2.open-xchange.com> <004e5fc9-e284-4c84-8a3c-7872ceb1d20b@www.fastmail.com> <a5838569-2b93-e982-1c9f-df773456c494@huitema.net> <CABcZeBOjcSJAt4G3q87ew3UNrLS2YkSN-+=TTUm6RVW22jfaLg@mail.gmail.com> <8d7b79d6-22f6-2212-d3c1-9b6580cea009@huitema.net> <825777D0-B098-466F-A832-BC7CAB01A9F9@kuehlewind.net> <012A2EDB-4F72-4FE3-8B43-08ACB858BF95@tzi.org> <CACsn0cnWy-mphcGBL3dhyshoFCTkbzp9=FERz27Xa3iozgK1qA@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
Message-ID: <a1b1781d-e410-698a-51da-045d4451bb31@huitema.net>
Date: Tue, 21 Jul 2020 18:13:53 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <CACsn0cnWy-mphcGBL3dhyshoFCTkbzp9=FERz27Xa3iozgK1qA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------DCF8066DB6EE789957DCBECA"
Content-Language: en-US
X-Originating-IP: 66.113.197.169
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0bN4ZX/cCaR95pQ7tQtUF1ypSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDXz6Yli32IJdAuJ3ivsC2SsRX qYbtEQV1z/L435ZRxFRVSs3ZvwCZTqSIL6ppxqyB+rYZvu7UEJiU3s27VgKHO7lwS3dBJTnTxDoD vBGGxph9w6EwXICYy0ePXtGEMhqr40RKF+RjK8XobiMUkDMcvGU6UgOqKJ9sMwhVoOBGSAIboXtx P9OF0EfNs5TqNq2Yhy7LI0kfFnXdPP6btp4oBeJDeKRq5oPj2hFJhLx+qI3HlR3ootg7OlA3N5WN re/oppAGOX5cHTu1yz4pRT/9FGrxEaaKeSxe0Wrx6M4G5/WoLsdfEoJI0BNUQ4KpaNyNCwGqOUcw rXf55E8Tb8bmXq4yH8StrboPphDtmrtUkwkDMc9xayd+oZJo2heFY+g6kVWClPVvbW5lVyQanRxw 5rdY2rW50fd1ekaDpmIWc1Vmt3mnxMTQMQWbvBqEXskTQn6USYs98Imn+lZXe3dwYfgVB1xo6dCf BaU/iegBU8a4JeFQEdnPQhC+43fvoyFcFjD271QKpJbBQfY1omPe3z3SufOdwm+zX4yHNlPE0pP2 ie80q3LAG2MiIaIREzT1xNjuO97khcUFBr/guEWv1bdCp3Zd9clP8wSiJZWbJCj+xRrjVmRxpGtS cvUmgj1L/oyUUx5zj9py/kWSdngabV2jZAOanSBpz6Rja2u/0jLGYCt1qOvDlpEdRRdHmbbYznNl +uMAf3vUHiAg/YD+KPysta6u1iHEyuS7GD1uvco67wg2vRPR/JQ1z0J20dDyJOYIJd4MvQ0Nf4Ec bvHO1diDanHV9KirFAIIecsyj+YNTo81GR+jDXFsz/ZQnbbTizvwlZsrbltGiZoUh+c+5pFVgpT1 b21uZVckGp0ccOa2XhkGbmsUNPNkere1WheNsVXmhO8BzADiszcWR9bz/SDtF09JpSbuuCeiIDK0 C/0=
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/RKE3lZYO8_jl5BWhoFZQ72aRbf8>
Subject: Re: [Model-t] draft-thomson-tmi
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2020 01:14:05 -0000
On 7/21/2020 5:01 PM, Watson Ladd wrote: > On Tue, Jul 21, 2020 at 11:30 AM Carsten Bormann <cabo@tzi.org> wrote: >> On 2020-07-21, at 16:02, Mirja Kuehlewind <ietf@kuehlewind.net> wrote: >>> I agree that the even bigger problem is that the user looses control about its data as soon as the data has left their own network and devices. However, that doesn’t mean it is not important to have some control or at least visibility about what data leaves your network. I would say the opposite is the case. The solution to the problem about how your data is maintained is probably regulatory >> Yes. The interesting question here is what kind of protocol support is needed to support a regulatory framework. Доверяй, но проверяй. >> >> For instance, I would like to be sure that the data my electricity meter is sending to my electricity broker is what it is supposed to be, and not anything else, whether for criminal intent or gross negligence. I can just trust my electricity broker and the electricity meter, and I have to trust the broker anyway once they have their hands on the data. But with respect to what data is leaving my house, it would be better if I had some visibility. >> >>> or could be “just don’t install a cloud-backed camera”. Instead, you could probably use a camera that connects to your own gateway to provide this service. However, in this case I really want to make sure that camera really only connects to my gateway and does not also streams the video to the cloud or the police (not even occasionally). At the same time, I guess I still wouldn’t want to block all traffic entirely because I still want to make updates and such. In the end it’s a matter of trust and I might actually trust an independent third-party more than the various IoT companies. >> Any reasonable model needs to be able to enable доверяй, но проверяй. > If by reasonable you mean requiring one of several extremely > complicated tricks to ensure data can be inspected without revealing > it in plaintext, then this is "reasonable". Preventing subliminal > channels is extraordinarily difficult. Recently, I had a discussion with Paul Vixie about the "LeakyPick" tool (https://arxiv.org/pdf/2007.00500.pdf). Researchers at TU Darmstadt, INRIA and North Carolina State develop the tool to audit Internet connected microphones like Alexa and its competitors. The tool would play prerecorded sentences in front of the microphone, and see whether the device picked a word as a keyword. They would verify that by looking at the encrypted traffic coming out of the device. If the device did not pick the keyword, it would not send any data, but if it did there would be a burst of traffic. Encrypted traffic of course, but the activity could still be detected. Paul's point was that yes, this could be detected now, but there is no guarantee that it could be detected tomorrow. If they know they are being watched, device developers could start adding counter-measures, like cover traffic. Indeed, doing just that became standard for audio conferences after attacks where published that detected silence-voice transitions or length of phonemes in the encrypted traffic. Now, voice codec just send at a constant bit rate, independent of the variations in speech. The point is that we may have ways to inspect traffic today, but that does not guarantee we will be able to keep doing that tomorrow. Unless of course there is a clear requirement that devices can be audited -- and we need regulations for that. -- Christian Huitema
- [Model-t] draft-thomson-tmi Martin Thomson
- Re: [Model-t] draft-thomson-tmi Vittorio Bertola
- Re: [Model-t] draft-thomson-tmi Eric Rescorla
- Re: [Model-t] draft-thomson-tmi Russ Housley
- Re: [Model-t] draft-thomson-tmi Martin Thomson
- Re: [Model-t] draft-thomson-tmi Christian Huitema
- Re: [Model-t] draft-thomson-tmi Eric Rescorla
- Re: [Model-t] draft-thomson-tmi Christian Huitema
- Re: [Model-t] draft-thomson-tmi Mallory Knodel
- Re: [Model-t] draft-thomson-tmi Vittorio Bertola
- Re: [Model-t] draft-thomson-tmi Spencer Dawkins at IETF
- Re: [Model-t] draft-thomson-tmi Mirja Kuehlewind
- Re: [Model-t] draft-thomson-tmi Carsten Bormann
- Re: [Model-t] draft-thomson-tmi Watson Ladd
- Re: [Model-t] draft-thomson-tmi Christian Huitema
- Re: [Model-t] draft-thomson-tmi Martin Thomson
- Re: [Model-t] draft-thomson-tmi Carsten Bormann
- Re: [Model-t] draft-thomson-tmi Colin Perkins
- Re: [Model-t] draft-thomson-tmi Christian Huitema
- Re: [Model-t] draft-thomson-tmi Jari Arkko
- Re: [Model-t] draft-thomson-tmi Martin Thomson
- Re: [Model-t] draft-thomson-tmi Eric Rescorla