Re: [Model-t] draft-thomson-tmi

Watson Ladd <watsonbladd@gmail.com> Wed, 22 July 2020 00:01 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57DF33A0843 for <model-t@ietfa.amsl.com>; Tue, 21 Jul 2020 17:01:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0bz2GQY380RD for <model-t@ietfa.amsl.com>; Tue, 21 Jul 2020 17:01:27 -0700 (PDT)
Received: from mail-lf1-x143.google.com (mail-lf1-x143.google.com [IPv6:2a00:1450:4864:20::143]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3B8C3A0842 for <model-t@iab.org>; Tue, 21 Jul 2020 17:01:26 -0700 (PDT)
Received: by mail-lf1-x143.google.com with SMTP id u25so312945lfm.1 for <model-t@iab.org>; Tue, 21 Jul 2020 17:01:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=XztR0oW4S+9dfNxn6ouV+/271REhNgyyGVtsL9G/biU=; b=KiDGryb8VgkncDyTohKB4LYlBurBla8PeWJl0/0MlmdxC7WGI24MW9xYxWEOI0y0Nz i89OL3Wjve1MoZkcVsnbPykel+o5OmeZGarsaAoqI7X5fwPRTLOVVqp1oyYUYq3EAQpm VnrB//rvkR1YaTH6Kuuf/tGsA99KkS1/s5QDoR+vRoizNl/MDOdtXlfbaXEt4G5Wb5Ns A2CR1dql9NSKe2f7DGyoZbaD62B8A+Xrz8CtaF7/CjLSc6Mgqe4C9c0QoLRgCXd5xm+c flZZZL0TUepLkG4Qbs94pJRZp+yrRltaKdpoFGb67CBqWw5+/HO1hyTXA/V0Yk7ja8qz GGvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=XztR0oW4S+9dfNxn6ouV+/271REhNgyyGVtsL9G/biU=; b=gak/ZxlUaB4fRUJgp/vz1Jy19beJw2bAC3Q3jGgJrNSXmVVcLpPRvSy++oQSx8NGUm e6vwHXoAhPDpsHKpjUZ/GeBQtdfBofxsYsGmHmuoy+QMgl2r0N/cFdzs+Em/xwOu+Fus hz05BI7e6sAZQCPf9GHU0C60Tzyz/zxXCgw0y8I9UbyPgHc/lAMM1z0Kd4+IFGv0NsgX E6uOLTHc+5xlMl6n24HDtekaLolgx+cJ2fdEEK+Ds2qhI8QIiduSBzxmrqH6Je+gbKoa JiD1znZNjITLMEuD7OZsf1qgg6JolulFAEnRHdyAi2v57ubAlx9Kh5e3jbJLknKddFrE iJIA==
X-Gm-Message-State: AOAM533pgznjpteXuQ7hoctK7ZhdFmXgocHRP6ytIrcjvPq8XEb1GeOz Qh9OVWRgmPc2oAesdRBHZANc8Uh331lYs5MGdLY=
X-Google-Smtp-Source: ABdhPJy9o/pdKFj1ifL0fpodV2izCj/9tlsUA+6yK4tXvoirUI7GBu8Ud2+UDNx2XUno30W3cRfzwFKeMDf3sRXpzYA=
X-Received: by 2002:a05:6512:3249:: with SMTP id c9mr14732121lfr.216.1595376084612; Tue, 21 Jul 2020 17:01:24 -0700 (PDT)
MIME-Version: 1.0
References: <422978b2-028d-48e1-85ed-ddaa36e36052@www.fastmail.com> <1164022876.4302.1594630518489@appsuite-gw2.open-xchange.com> <004e5fc9-e284-4c84-8a3c-7872ceb1d20b@www.fastmail.com> <a5838569-2b93-e982-1c9f-df773456c494@huitema.net> <CABcZeBOjcSJAt4G3q87ew3UNrLS2YkSN-+=TTUm6RVW22jfaLg@mail.gmail.com> <8d7b79d6-22f6-2212-d3c1-9b6580cea009@huitema.net> <825777D0-B098-466F-A832-BC7CAB01A9F9@kuehlewind.net> <012A2EDB-4F72-4FE3-8B43-08ACB858BF95@tzi.org>
In-Reply-To: <012A2EDB-4F72-4FE3-8B43-08ACB858BF95@tzi.org>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 21 Jul 2020 20:01:13 -0400
Message-ID: <CACsn0cnWy-mphcGBL3dhyshoFCTkbzp9=FERz27Xa3iozgK1qA@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: Mirja Kuehlewind <ietf@kuehlewind.net>, Eric Rescorla <ekr@rtfm.com>, Christian Huitema <huitema@huitema.net>, Martin Thomson <mt@lowentropy.net>, model-t@iab.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/gJevbp09DQ6CpWc5l_I4XVflV14>
Subject: Re: [Model-t] draft-thomson-tmi
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2020 00:01:28 -0000

On Tue, Jul 21, 2020 at 11:30 AM Carsten Bormann <cabo@tzi.org> wrote:
>
> On 2020-07-21, at 16:02, Mirja Kuehlewind <ietf@kuehlewind.net> wrote:
> >
> > I agree that the even bigger problem is that the user looses control about its data as soon as the data has left their own network and devices. However, that doesn’t mean it is not important to have some control or at least visibility about what data leaves your network. I would say the opposite is the case. The solution to the problem about how your data is maintained is probably regulatory
>
> Yes.  The interesting question here is what kind of protocol support is needed to support a regulatory framework.  Доверяй, но проверяй.
>
> For instance, I would like to be sure that the data my electricity meter is sending to my electricity broker is what it is supposed to be, and not anything else, whether for criminal intent or gross negligence.  I can just trust my electricity broker and the electricity meter, and I have to trust the broker anyway once they have their hands on the data.  But with respect to what data is leaving my house, it would be better if I had some visibility.
>
> > or could be “just don’t install a cloud-backed camera”. Instead, you could probably use a camera that connects to your own gateway to provide this service. However, in this case I really want to make sure that camera really only connects to my gateway and does not also streams the video to the cloud or the police (not even occasionally). At the same time, I guess I still wouldn’t want to block all traffic entirely because I still want to make updates and such. In the end it’s a matter of trust and I might actually trust an independent third-party more than the various IoT companies.
>
> Any reasonable model needs to be able to enable доверяй, но проверяй.

If by reasonable you mean requiring one of several extremely
complicated tricks to ensure data can be inspected without revealing
it in plaintext, then this is "reasonable".  Preventing subliminal
channels is extraordinarily difficult.

>
> Grüße, Carsten
>
> --
> Model-t mailing list
> Model-t@iab.org
> https://www.iab.org/mailman/listinfo/model-t



--
"Man is born free, but everywhere he is in chains".
--Rousseau.