Re: [Model-t] What are we trying to protect

Ted Lemon <mellon@fugue.com> Mon, 05 August 2019 13:50 UTC

From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <f8782dce-970a-fb11-372b-bc122878308b@huitema.net>
Date: Mon, 05 Aug 2019 06:50:38 -0700
Cc: Eric Rescorla <ekr@rtfm.com>, Dominique Lazanski <dml@lastpresslabel.com>, Bret Jordan <jordan.ietf@gmail.com>, model-t@iab.org
To: Christian Huitema <huitema@huitema.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/aIuaHijP-wL02Waa6URr9nzAXis>
Subject: Re: [Model-t] What are we trying to protect
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>

I think this is a great approach, Christian. If we follow your model we should be able to start from what we know and avoid boiling the ocean, without inappropriately skipping some modeling that we actually need to do because it borders on our space, even though it is not itself our space.

There are a few other things I think we should do.

First, you may have noticed that I don’t actually show a clear understanding of what the goals of this effort are in my comments. This is because I’m a security area consumer more than a security area producer, so I wasn’t in the saag meeting. I saw Stephen’s mail go by about “security models” and thought to myself “excellent, we need that.” That’s literally all I know about what the plan is for this discussion. It would be good to actually write down what our goals are.

Second, I don’t think we all agree on how we want to describe threat models. If there is to be an abbreviated form for describing threats (as opposed to natural English) we need to document what that form is in sufficient detail that IETF participants who are not SMEs can understand it, and hopefully even contribute. I’m not saying we have to write an RFC, but at a minimum there should be a wiki that has the needed information.

I also don’t think we even agree on what we mean by threat models. Of course we mean models of threats, but at what level of detail? How close to the code are these models? How general, or how specific? This may all be obvious to people on this list who are SMEs, but I’m not, so for me it would help to describe what we mean by “threat model,” not because anybody here is unclear on the basic concept, but because I suspect we don’t agree on the particulars.

As an example, the models that Bret has described don’t seem as if they would be helpful to me. This doesn’t mean that they aren’t right—it either means that I don’t understand them clearly, or that we simply have different requirements. It may be that what I want is not what should be produced here—I’m not claiming otherwise. But it would be good to get some clarity on that.