Re: [Model-t] What are we trying to protect
Eric Rescorla <ekr@rtfm.com> Sun, 04 August 2019 11:15 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4EDB120025 for <model-t@ietfa.amsl.com>; Sun, 4 Aug 2019 04:15:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vr2-vD8y9Vp9 for <model-t@ietfa.amsl.com>; Sun, 4 Aug 2019 04:15:14 -0700 (PDT)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B06E120041 for <model-t@iab.org>; Sun, 4 Aug 2019 04:15:14 -0700 (PDT)
Received: by mail-lf1-x12c.google.com with SMTP id 62so51019253lfa.8 for <model-t@iab.org>; Sun, 04 Aug 2019 04:15:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mrV8LPslxQFFtyVzbUxzDOvJsqCFg7l6bdw1KJkEJls=; b=lDEngg55a9uMyhVla6ZbPps8TV96Gq2WyD2zuXLNUiizjh55pawt8Hh+nMkjCvLQw2 r2PN/kcSQZXccmuYohETn5ebE3cMnNusQKNtfNfWO4dadspOICqQLHXeHNMF4pGbCE1u K4tw/4Q0oROvCouaJ9fyaanF0/ETBE/zZrsbS0lRqnHppmcsr1iSAKZNKw1eTzv7fXM0 mx4KFUqFlw72THXO10NTaWSDrUDlwvCEuhll75wrS9nMeVg0Q7Qi0DLVuOQkYfkE2GR7 sYesiFRseUTN2ucfNF6JiILLDJSWt13T+cEa3IVxRoHyrasY43rgH/mufOA8oRcNe0MM +I7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mrV8LPslxQFFtyVzbUxzDOvJsqCFg7l6bdw1KJkEJls=; b=AlQlDv7MDOyWiaAPMIucvem+HyhtCZx7PJmx3lGf5f4qmZK0K+Z0v5OACYHN7r+f8q 5gyXBcg4KmxYKWVEdqnrTXg9K26BLSpwLnCsjpsb87K9R6+DGagC1R3Hav1vP809MeyL EYJBxQ6A3A0XTyWO4/1kHcQJk/QevxSjGk14LFvOl8rCR8rxQnmAmQtcZPWDbEK225vh Il4rcthEVq75LX8Cpz9OP5szr/cNilZTk9k9Z8T4KEneC9Adplwy5X56OogyDAJK5BsE j4Wv8IUYw/udoMILpOcG3F9lxX/XRjkNeOfG/G1S3CAz3JYAPzfSi6JedPLKMz5F5bEf OQZQ==
X-Gm-Message-State: APjAAAUrQIU2DCXkDMc9hsYZyC/iKWsxr4vjbbWeOU5bBJd+q4yRna8O 2eq7gTIcqQdbvodk6eTawQLZkyk/XsuzWNsDT2s=
X-Google-Smtp-Source: APXvYqwGFcZ75XH6RhDJrQpfznzEV3cA4tofrDPJZy/e5MdJkWQNFGOs050e5vbloInGm7Y7ZppwLNmTABqwvxpi1KA=
X-Received: by 2002:ac2:5336:: with SMTP id f22mr66444770lfh.180.1564917312763; Sun, 04 Aug 2019 04:15:12 -0700 (PDT)
MIME-Version: 1.0
References: <c3a112ba-baab-1cb0-97ad-21ff9999a637@cs.tcd.ie> <29756028-95f1-e6e5-b3ea-562cbc635df0@sandelman.ca> <5ef15ad2-5b20-e871-0d01-17cf906051c1@cs.tcd.ie> <22633.1564768705@localhost> <e7c02d44-353f-406c-818e-06a2e49ee212@www.fastmail.com> <5879878A-7CEA-4030-BB72-108CC4122719@gmail.com> <d253231a-d35d-e7c9-e3ae-5c7d7915566e@bluepopcorn.net> <06F0AE14-4413-4022-A804-C1B58E2702CE@fugue.com> <52BAC141-CB25-4072-B556-6325912F1ADD@gmail.com> <9a1555ca-6699-75f1-683e-2a3a2a539a11@cs.tcd.ie> <fbb6866d-87af-abea-42b4-8bb45959ea6a@huitema.net> <A8ABBBFF-9967-4F3B-974F-2DC5953D5DD9@gmail.com> <CABcZeBOKnaa7t3Nc=uq4sB2OQ+uKp=+_LHqX3bBBmpy3RY3dCA@mail.gmail.com> <749d5645-f134-13ac-595e-fc8360b050fa@cs.tcd.ie>
In-Reply-To: <749d5645-f134-13ac-595e-fc8360b050fa@cs.tcd.ie>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 04 Aug 2019 04:14:35 -0700
Message-ID: <CABcZeBOvKZLMJxFza=aRRykEQSjNXG3WH4wtoWYmjuyEKenzXQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Bret Jordan <jordan.ietf@gmail.com>, Christian Huitema <huitema@huitema.net>, model-t@iab.org
Content-Type: multipart/alternative; boundary="00000000000087cff8058f48b4a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/VpuORbHlBTLEkYuSouBmPFW0Wbw>
Subject: Re: [Model-t] What are we trying to protect
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Aug 2019 11:15:17 -0000
On Sun, Aug 4, 2019 at 3:37 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hiya, > > On 04/08/2019 06:08, Eric Rescorla wrote: > > his seems like a reasonable problem statement for the overall problem of > > computer security, but not really for IETF. > > > > To take a concrete example memory reading attacks like Spectre are a > threat > > to user data and something that browser vendors spend a fair amount of > > energy working on, but they're mostly not in scope for IETF [0]. There's > > nothing wrong with that, it's just division of labor. > > I tend to agree. > > OTOH, one might also wonder if such attacks are or ought be > considered in NFV and similar things. Such wonderings could > I think be useful, even if the answer is maybe that without > the flexibility of JS a successful attack in such a scenario > seems unlikely enough to not have to (currently) bother with. > That's true in the Web context, but not in other contexts, such as virtual hosting. Indeed, cross-VM attacks go back even before Spectre, at least to, Ristenpart et al. 2009 https://hovav.net/ucsd/papers/rtss09.html. On 04/08/2019 10:09, Eric Rescorla wrote: > > - Compromise of the WebPKI would obviously be very bad > > for many protocols the IETF has designed, but the management > > of the WebPKI is done by CABF, not IETF. > > That's also true, but nonetheless the IETF did document CT > as a direct result of the WebPKI CAs doing a bad job wrt > mis-issuance risks. So while "replace CABF, because <X>" > would not be a sensible outcome of this discussion, it's > reasonable to not consider the current WebPKI as a fixed > unchangeable thing, for the purposes of this discussion. > i don't disagree with this. My point was merely that this is an example of deciding that certain technical work was out of scope. -Ekr
- [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Michael Richardson
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Joseph Lorenzo Hall
- Re: [Model-t] model-t@iab.org list description Michael Richardson
- Re: [Model-t] model-t@iab.org list description Martin Thomson
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Eric Rescorla
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Jim Fenton
- Re: [Model-t] model-t@iab.org list description Ted Lemon
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Stephen Farrell
- Re: [Model-t] model-t@iab.org list description Christian Huitema
- Re: [Model-t] model-t@iab.org list description Watson Ladd
- Re: [Model-t] model-t@iab.org list description Carsten Bormann
- Re: [Model-t] model-t@iab.org list description Ted Lemon
- [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] model-t@iab.org list description Bret Jordan
- Re: [Model-t] model-t@iab.org list description Watson Ladd
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Eric Rescorla
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Ted Lemon
- Re: [Model-t] What are we trying to protect Dominique Lazanski
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Ted Lemon
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Stephen Farrell
- Re: [Model-t] What are we trying to protect Christian Huitema
- Re: [Model-t] What are we trying to protect Ted Lemon
- [Model-t] Primer Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Christian Huitema
- Re: [Model-t] Primer Bret Jordan
- Re: [Model-t] What are we trying to protect Bret Jordan
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Thomas Hardjono
- Re: [Model-t] What are we trying to protect Ira McDonald
- Re: [Model-t] What are we trying to protect Thomas Hardjono
- Re: [Model-t] What are we trying to protect Watson Ladd
- Re: [Model-t] What are we trying to protect Thomas Hardjono