Re: [Model-t] Small sub-team for drafting - volunteers?

Eric Rescorla <ekr@rtfm.com> Fri, 02 October 2020 17:28 UTC

To: Jari Arkko <jari.arkko@piuha.net>
Cc: mark@mcfaddencentral.com, model-t@iab.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/cWbBeJACgqPeiC4DHhiyvDIhxJY>

On Tue, Sep 29, 2020 at 2:24 PM Jari Arkko <jari.arkko@piuha.net> wrote:

> I’m sitting here and scratching my head about possible ways to go about
> this effort. Let me propose a straw man and see if people agree.
>
> First off, re-stating the goal of the exercise: work through example(s) to
> show a chain from (1) specific security threats to (2) general guidance
> that can be derived from them to (3) how such guidance would potentially be
> useful for protocol designs. In a way that they could take it into account
> and design something better. Non-goals include going through more than a
> single or a couple examples, or attempting to boil the entire space. Just
> an example so that we can show some of the work can be useful.
>
> Everyone with me so far? If not, I should say that it is late here and
> that you should let me know what the exercise was :-)
>

Not really. I don't understand what the objective is. To recap, the purpose
of this section of RFC 3552, Section 3, is to document the threat model that
people should be using to evaluate their protocols. The examples in that
document are intended to illuminate that threat model.



> But going on to examples. One might think for instance that you could
> derive fairly simple examples of the chain. E.g.
> - specific threat: messaging systems where the system sees private
> messaging between people, which may lead to e.g., a government attempts to
> get them to hand over the messaging, commercial surveillance, or accidental
> leaks
> - general guidance: apply end-to-end security, avoid involving third
> parties except for their specific role (e.g., message forwarding)
> - specific technologies that can be designed to improve past designs: MLS
>
> Or:
> - specific threat: mobile authentication systems being vulnerable to
> attacks against SIM card manufacturers or the transfer of SIM card keys to
> operators
> - general guidance: limit the scope of compromise, and assume compromise
> may happen anywhere. See draft-arkko-farrell-model-t-3552-additions Section
> 5.1 (by Ekr and Chris). Or forcing active attack (S5.2)
> - specific technologies: apply perfect forward secrecy in relevant
> protocols.
>
> Or:
> - specific threat: tracking of users in web browsing, for various purposes
> including advertising, and using various methods
> - general guidance: <various>
> - specific technologies: <various>
>

These seem like they might be reasonable recommendations, but they don't
seem to have much to do with the purpose of documenting the threat model.

-Ekr


> And so on.
>
> Are these the kinds of things that people had in mind? Or something else?
>
> Jari
>