Re: [Model-t] (meta) Trust, and threat vs vulnerability models
Robin Wilton <wilton@isoc.org> Fri, 14 February 2020 17:53 UTC
Return-Path: <wilton@isoc.org>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDF5F1209CD for <model-t@ietfa.amsl.com>; Fri, 14 Feb 2020 09:53:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isoc.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LOSS_6sn3BCv for <model-t@ietfa.amsl.com>; Fri, 14 Feb 2020 09:52:58 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2051.outbound.protection.outlook.com [40.107.223.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D3831209AE for <model-t@iab.org>; Fri, 14 Feb 2020 09:52:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZAR3iUOjZMi0fPuuVNQ2JZoBkyGq77iPUa/HFTO6VQdLE7kxk3TrRtVxaw3MkYxkXCmEaGW+s89fBcwWu5ZgxZzquf6Uf1cE0YH6NhWG8efEbCOGeyOBC7ehfloU8dH/LMgspZBTgVDbQnyhGhFHyiPLsh16i6lP/1gZFp/JJVH9dDrKewJ4F5kiaPqySJEIT2WnvDzrYkxTGquVqGDuqp3t0iiQgpTdpwsm8Z1Jr61gp8tCnVo6WPth/yjmVGSJYP/ktZBEeXDsVxl8WQSA0crjssCHcm5pt54143wq6SUPoYi/VfxTkWGS4+fJBttNtGlKIUFQx8s88C6tS9YVNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WQUt2rPu4sBVFT17eUYBCZuXhcsvlts5FTw9FV2vq7k=; b=MFc/Ak2f0mt5ZawZBuJ7SzqwIIyN3CAyNuqwKUli9HRDHD8zWRGRW1Yeakreko65/UOFZX7Ie8qLXFYXJFPh2IHs+vM1aiJWNfdXEKkinYRbThHU1nvEun5kH2oj3NFZ3fvtz+YgqkP7OoOIw5m5ixY7G6DNwMtB3FY+HV8HB5KwuIpTwbhif11Y4P8aISuu1cTCsAeZpl/8nUZNfHXtGl90L7NRlk6BHmh65NaZNroJiqYBKhEngEiU+x3rAZOMsXH4l/Ob9e2UtIcE1aNlbM3XBF86Bx3QJcW/sUJk+c/ET9NqfARrTW4Q7NA8PU+38+Ism6yL7oxc+ZM9CcuHnQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isoc.org; dmarc=pass action=none header.from=isoc.org; dkim=pass header.d=isoc.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.org; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WQUt2rPu4sBVFT17eUYBCZuXhcsvlts5FTw9FV2vq7k=; b=Zxw26ODmlQH2VkhADrE8p3ylZ0HGRE+kMsi/CRMk1IJ4d/X9d4Ph04yG8tM4Y6YRyO8wa2pF9WSEvHEldhMG5LEjLDnPoaDuHL/XZUHytuX6GodTvCt8BMu6OV5MthiAl39rUa54la4te1M6fQ1ry2hi8wcL1jQpW3V1XTtMgCw=
Received: from BL0PR06MB4772.namprd06.prod.outlook.com (52.132.0.222) by BL0PR06MB4978.namprd06.prod.outlook.com (10.167.240.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.25; Fri, 14 Feb 2020 17:52:51 +0000
Received: from BL0PR06MB4772.namprd06.prod.outlook.com ([fe80::f0d3:21c8:5720:a272]) by BL0PR06MB4772.namprd06.prod.outlook.com ([fe80::f0d3:21c8:5720:a272%3]) with mapi id 15.20.2707.030; Fri, 14 Feb 2020 17:52:51 +0000
From: Robin Wilton <wilton@isoc.org>
To: "model-t@iab.org" <model-t@iab.org>
Thread-Topic: (meta) Trust, and threat vs vulnerability models
Thread-Index: AQHV41+TsINb5mF2M0KbnzWDzeIYSw==
Date: Fri, 14 Feb 2020 17:52:51 +0000
Message-ID: <2571A4DB-05F7-477D-A244-B53193C15BD9@isoc.org>
References: <mailman.804.1581694262.25531.model-t@iab.org>
In-Reply-To: <mailman.804.1581694262.25531.model-t@iab.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=wilton@isoc.org;
x-originating-ip: [37.120.149.100]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4c8eef68-d58b-45d7-239e-08d7b176b629
x-ms-traffictypediagnostic: BL0PR06MB4978:
x-microsoft-antispam-prvs: <BL0PR06MB497818D7C151B97D33E228BBBF150@BL0PR06MB4978.namprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:3513;
x-forefront-prvs: 03137AC81E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39840400004)(396003)(346002)(136003)(366004)(189003)(199004)(6916009)(6506007)(186003)(5660300002)(966005)(478600001)(33656002)(6486002)(26005)(66574012)(53546011)(36756003)(8936002)(91956017)(6512007)(81156014)(2906002)(86362001)(66616009)(76116006)(316002)(66946007)(64756008)(66446008)(66476007)(2616005)(8676002)(81166006)(66556008)(71200400001)(170073001); DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR06MB4978; H:BL0PR06MB4772.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: isoc.org does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: sfnN8obceU1ZkNwutWEllWXyYXnlb2Bu49giJd+/3LdRpy1/2YsOEPJ86A5PzhveWGD7EmSUQehC62byBJ+XhOmQMlFdlhuCx566KcO+e1T9rrfw7AC3V0jWTTLaRV2zfWGkt942YFHQdX4+xFPDy7zgrjXl8NWQOMCIsuJA1V4Nq2oMWGzchV6L+0Bm0A3r8yeGZ+croam3aXykCsUAlmDfvk+nW9BlJt69f2+Nb8SrNaMz0akM8EvOJDrh9YcUKrj8is++mBmIJTD+OZHjm2+Z0KwM3Fh5/hHyldxxFSqwG6MS1gw/KShr24c3fHpaumfp8hHRUDl6EiXfeRguZgWO7uqjW1ROxQt0Q1bC32h/XgLLPq+WL/JNoq9M17heLmfQSRiWM49xyvf+aE+wH79S0hdGliSMerM6HW+WwFVkaOnvDtNAf4axY6uVNvOe4blL2aCw5C/AzOm0zAXLpaJ/Xy9BTlbEYwfQ2hYLiAI40Zz+H/06a341FsMsAghtuJXhvMy/W5hyYl7uFjAoAmUascCtrI7LNu8ITYEOxOApZpvjJnCuUR3BLQ9RRhfY
x-ms-exchange-antispam-messagedata: 74iTq2gsBeBeHE436iNME/t0kXDUjlcAbr0n+x5eUh6JtKhhwdl0UAb9TbbUownLXNAbV125RHgj/t8ztSx0MiCkALHVbvnEP9/q5WGZvNtyZjTobGd/VdH+E9cOEPzavrIBW6/eRTUw8+3j7IlKfQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; boundary="Apple-Mail=_C60204CA-3788-4ABC-A812-E195F700DBDF"; protocol="application/pgp-signature"; micalg="pgp-sha256"
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-Network-Message-Id: 4c8eef68-d58b-45d7-239e-08d7b176b629
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2020 17:52:51.4832 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4iTJxdQ51Rmvn+IF2ewJuE4ufrYrrcG/wdusBD4TdOT+sA23TV335voVXE43RK+x
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR06MB4978
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/WzqUBZyIMRj3SN3WqDhFO4ltLVk>
Subject: Re: [Model-t] (meta) Trust, and threat vs vulnerability models
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2020 17:53:03 -0000
As promised, here's an attempt to capture what I think we were edging towards in the exchange between me and Dirk. I’m hoping this will help us get to consensus about the scope and purpose of what the group will work on. I appreciate the misgivings EKR expressed about scope, and about whether we are actually talking about anything new, here. I think that may be an inevitable consequence of framing this as a “threat” model as opposed to a vulnerability model. The former, in principle, is a non-finite list, whereas the latter can be finite... so we may be talking about a never-ending list of emerging threats, but they might all target existing vulnerabilities which are known, understood and mitigated already. Maybe the most useful goal of this group is to work out the fastest and most reliable way of telling whether or not that is the case. So, we might formulate a question like this: "does a shift towards information-centric networking change the reasons why I should or should not trust the network to behave as I expect?" If you change the things I rely on when I'm making a trust (or security) decision, you change the threat model. So, for instance, I used to trust intermediary network nodes because they were dumb, and therefore didn't expose a useful attack surface, but now those network nodes are doing more processing, are participating in an ICN reputation scheme, and could potentially be gamed to my detriment. They embody vulnerabilities they didn’t embody before, but which might be known and understood in other contexts. The ways in which an adversary might exploit the intermediate nodes has changed, and I should no longer rely on the reasons I used to rely on, when judging whether those nodes will behave as I (still) expect them to. So then, in practical terms, we might want RFC authors to think as follows: - Nodes of type x used to be dumb, but are now functionally rich; this has increased their attack surface, but the resulting vulnerabilities are still: - data exfiltration - alteration of data in motion - denial of service … and we already have design patterns for mitigating those vulnerabilities from other comparable use cases… Or… - Nodes of type x used to be dumb, but are now functionally rich and participate in reputation schemes that can be gamed so as to modify the network's behaviour; this gives rise to a new vulnerability: - manipulation of service levels … which we have not had to mitigate before, but which could be mitigated by doing z. I hope this is useful, Yrs., Robin > On 14 Feb 2020, at 15:31, model-t-request@iab.org wrote: > > Send Model-t mailing list submissions to > model-t@iab.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.iab.org/mailman/listinfo/model-t > or, via email, send a message with subject or body 'help' to > model-t-request@iab.org > > You can reach the person managing the list at > model-t-owner@iab.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Model-t digest..." > Today's Topics: > > 1. Re: model-t webex chat - Friday Feb 14th 1600 UTC > (Stephen Farrell) > 2. Materials for tonight's call (Jari Arkko) > > From: Stephen Farrell <stephen.farrell@cs.tcd.ie> > Subject: Re: [Model-t] model-t webex chat - Friday Feb 14th 1600 UTC > Date: 14 February 2020 at 12:45:15 GMT > To: Jari Arkko <jari.arkko@piuha.net> > Cc: "model-t@iab.org" <model-t@iab.org> > > > > Hiya, > > That agenda seems fine. We can agenda-bash on > the call as needed. > > We can use this etherpad [1] for notes. If > someone's willing to help take notes, that'd > be great. > > Cheers, > S. > > [1] https://etherpad.ietf.org/p/model-t-valentinessday > > On 13/02/2020 13:17, Jari Arkko wrote: >> How about this for agenda for tomorrow? >> >> 1. Introduction (Stephen) >> 2. Getting organised as an IAB program (Jari) >> 3. Technical discussion (all) >> - analysis of threats >> - recommendations for threat model update >> - other issues >> - draft updates >> o draft-arkko-farrell-arch-model-t-02 (Stephen) >> 4. Any other business >> >> Jari >> > <0x5AB2FAF17B172BEA.asc> > > > From: Jari Arkko <jari.arkko@piuha.net> > Subject: [Model-t] Materials for tonight's call > Date: 14 February 2020 at 15:30:38 GMT > To: "model-t@iab.org" <model-t@iab.org> > > > Our main discussion item will be around drafts and people’s thoughts and issues. But for the other part, administrative, agenda, and organisation, there are a couple of slides: > > > For the drafts that we know of: > > https://tools.ietf.org/html/draft-arkko-farrell-arch-model-t-02 <https://tools.ietf.org/html/draft-arkko-farrell-arch-model-t-02> > http://www.ietf.org/internet-drafts/draft-lazanski-smart-users-internet-00.txt <http://www.ietf.org/internet-drafts/draft-lazanski-smart-users-internet-00.txt> > > See also some other work that’s related but maybe not directly on point in the references of the above two drafts. Other contributions & discussions of your thoughts are welcome! > > Jari & Stephen > > <model-t-org.pdf> > > Model-t mailing list > Model-t@iab.org > https://www.iab.org/mailman/listinfo/model-t
- Re: [Model-t] (meta) Trust, and threat vs vulnera… Robin Wilton
- [Model-t] ICN as an example (was: Re: (meta) Trus… Stephen Farrell
- Re: [Model-t] ICN as an example (was: Re: (meta) … Benjamin Kaduk
- Re: [Model-t] ICN as an example (was: Re: (meta) … Robin Wilton