Re: [Model-t] model-t@iab.org list description

Bret Jordan <jordan.ietf@gmail.com> Sat, 03 August 2019 17:28 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Message-Id: <69E0FEA7-5B7A-4382-B01F-5A2B9A526BBA@gmail.com>
Date: Sat, 03 Aug 2019 11:28:13 -0600
In-Reply-To: <d253231a-d35d-e7c9-e3ae-5c7d7915566e@bluepopcorn.net>
Cc: model-t@iab.org
To: Jim Fenton <fenton@bluepopcorn.net>
References: <c3a112ba-baab-1cb0-97ad-21ff9999a637@cs.tcd.ie> <29756028-95f1-e6e5-b3ea-562cbc635df0@sandelman.ca> <5ef15ad2-5b20-e871-0d01-17cf906051c1@cs.tcd.ie> <22633.1564768705@localhost> <e7c02d44-353f-406c-818e-06a2e49ee212@www.fastmail.com> <5879878A-7CEA-4030-BB72-108CC4122719@gmail.com> <d253231a-d35d-e7c9-e3ae-5c7d7915566e@bluepopcorn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/U7mMvr-gZtQrlXV2x0V1l25vI9s>
Subject: Re: [Model-t] model-t@iab.org list description

Jim,

They are not specific attacks, but rather categories of attacks that could be executed by any number of threat actors.  Some threat actors may have different capabilities or different levels of sophistication, but in general, these types of attacks are not specific to a certain classification of threat actor. 

Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Aug 3, 2019, at 10:52 AM, Jim Fenton <fenton@bluepopcorn.net> wrote:
> 
> On 8/2/19 9:24 PM, Bret Jordan wrote:
> 
>> To borrow your words…  “If we are going to take security seriously”…
>>  we need to understand and document the full attack surface.  So let
>> us start listing them out.  Here are four.
>> 
>> 
>> Attack: Active remote attack
>> Exposure: Full compromise of system and data
>> Client Knowledge: Potential indicators may be visible
>> Protection Possibilities: Deploy both client and network level protections
>> Headwinds: Client based protections are usually inadequate
>> Severity: High
>> Kill-Chain Phase: Lateral Movement
> 
> [etc.]
> 
> Perhaps we need to decide what we consider a threat model to be. I see
> Bret's list as a collection of specific attacks (tactics), while I
> consider a threat model to be at a higher level than that, e.g., whether
> nation-states, or supply chain threats, should be part of that model.
> 
> When I was working on the draft that became RFC 4686 (DKIM Threat
> Analysis), Russ Housley gave me some very good coaching about how to
> structure that. He suggested that it should describe:
> 
> - The nature and location of the bad actors
> - What the bad actors' capabilities are
> - What they intend to accomplish via their attacks
> 
> How do we want to define threat model?
> 
> -Jim
> 