IETF Logo Mail Archive

Re: [Model-t] Dependable, secure, flexible and extensible

Robin Wilton <wilton@isoc.org> Thu, 06 February 2020 13:00 UTC

Return-Path: <wilton@isoc.org>
X-Original-To: model-t@ietfa.amsl.com
Delivered-To: model-t@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 384FC12089E for <model-t@ietfa.amsl.com>; Thu, 6 Feb 2020 05:00:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isoc.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vGiljncx5d-R for <model-t@ietfa.amsl.com>; Thu, 6 Feb 2020 05:00:42 -0800 (PST)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2082.outbound.protection.outlook.com [40.107.244.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FB62120086 for <model-t@iab.org>; Thu, 6 Feb 2020 05:00:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l2Af65Rq3W7RsBQWBgyKgmgW3cOBTUZLThkRu52Xx6ZcPtlnzwVqautgeVLAjxdbqeATsA9t5UnItzYauHh1YCyXmf0bca04hvfT04cuJs2TodPu9HO9b0ygWxdbx0liLO2+zbLlXiJ3CrzW3haBUzQuD/f9ABQDqluv/BH+rKzbjk6vMFaoYZjn3Hq75xGvMSNC7qTkfd4osP1MwhMJHNOwbrDCr5JzcGrJOSRirTU7cjeMTuRkTnTlEOFMu8iUQBm5liwVWaJuarp1GawevOJWeTLsPsdb31zO/SHyxVVEjj+ReJNa8SRDs6SyfvjpCZgjsfIxOMmB5bqY7WP9zw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IVVjQ9+Kgv1IgVZITikxq+G6s12i2NXs4+NUzirtw9I=; b=bdTrouHUsKhmnrnGu7Xtl0FPsLEtqED5uisKKyHLn16c/6nKF4mcMQgQAlMEJJFUA7MdBkzz+wFWgfUE9fJCh/C2TIpgQjTEy3lu6vhm7VrX50sN1EeBHL6B4+LEITCybjEY5FuxXcHbb2lxwO+pZzY71AkXjKlwz/dZY7uoCN/te2xyvxvfgQZIXDbnL7/MRbGSnxNt59bF84QYbeXJ+N4RcpxhBQw8y/eszcKH7rLOboKd7uMwy3iTi1rTSnWe+FF+svvQNiewxNsa8BuiBBeL8mjWaWMklLVCa+asgk3H2pSywIQTgilVLLo5+ML4E10LYGXv67poWV7wI82tlQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isoc.org; dmarc=pass action=none header.from=isoc.org; dkim=pass header.d=isoc.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.org; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IVVjQ9+Kgv1IgVZITikxq+G6s12i2NXs4+NUzirtw9I=; b=3jM4eI6/E6TAcKJueeNHlMRl/K24xmCCpdCZD+rGKzDwi7cxgN7tpxE6RAb3WBC/WmQ9v4rJ6+tTUoq6UG8g0zFqMkbupEeimle4wOLXFqUtOy+8cNcCQ9Sf0kgl8PT6mh4EnkYePUcdjG03UXrbyUQnW35PGg7fp9RR7KaPziQ=
Received: from BL0PR06MB4772.namprd06.prod.outlook.com (52.132.0.222) by BL0PR06MB4867.namprd06.prod.outlook.com (10.167.233.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2686.29; Thu, 6 Feb 2020 13:00:40 +0000
Received: from BL0PR06MB4772.namprd06.prod.outlook.com ([fe80::f0d3:21c8:5720:a272]) by BL0PR06MB4772.namprd06.prod.outlook.com ([fe80::f0d3:21c8:5720:a272%3]) with mapi id 15.20.2686.036; Thu, 6 Feb 2020 13:00:40 +0000
From: Robin Wilton <wilton@isoc.org>
To: Carsten Bormann <cabo@tzi.org>
CC: "model-t@iab.org" <model-t@iab.org>
Thread-Topic: [Model-t] Dependable, secure, flexible and extensible
Thread-Index: AQHV3EpwbppLGBIeZUGu6OP+Pkupa6gNClCAgAEX94A=
Date: Thu, 06 Feb 2020 13:00:39 +0000
Message-ID: <9FFB8840-834C-499D-8762-B696E90B1B84@isoc.org>
References: <mailman.108.1580846425.26583.model-t@iab.org> <7C14F920-23F4-407B-8BDC-55ABE6902DEB@isoc.org> <A7700390-3FE0-41BB-97B4-54EADB3FF009@tzi.org>
In-Reply-To: <A7700390-3FE0-41BB-97B4-54EADB3FF009@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=wilton@isoc.org;
x-originating-ip: [194.35.233.111]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 852e385c-1108-4674-49f5-08d7ab04914e
x-ms-traffictypediagnostic: BL0PR06MB4867:
x-microsoft-antispam-prvs: <BL0PR06MB4867D410948E5AC766A18610BF1D0@BL0PR06MB4867.namprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0305463112
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39840400004)(366004)(376002)(396003)(136003)(346002)(199004)(189003)(6486002)(5660300002)(6512007)(316002)(4326008)(478600001)(8936002)(8676002)(81166006)(81156014)(71200400001)(6916009)(6506007)(53546011)(26005)(86362001)(186003)(2616005)(33656002)(36756003)(2906002)(76116006)(66946007)(91956017)(66616009)(66556008)(66446008)(66476007)(64756008); DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR06MB4867; H:BL0PR06MB4772.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: isoc.org does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Itb7I7uFMh4da9O7FVnVhiqZZNMHtvBQ2lFmdNlTLM2HdmK1EYKO5Dg1Vv+7ks6W7wTRqJh684gsfdtP6ICow0aFhXutGJfid4EsXZQV+O26r458n8LcJvqQ5t1I56aC8DeudLDxTpJJsrM9R5cjQBUhzlDZa7YOQbnONL9kLPvYhDSHR23Eg7bISJC9I+YbZrHvW4AU8CACQN0PPq+tvAHOPMtR0YzCJrfR+BMQ3AIN/SxcpJ0+oolz5eUqvU3QH5eaQX9pm9a/uP6omWfCcX/ZRExIIGi6m4tfdUWsj7Q1NKVO/jk3XnU88FjiiYVIPXKX+AGcw9TpsJuBMDqb6mIzp+L1F6AwlgbQQX05SwopwbyLhR97nPThdm5zaadsyu5+F835OvtUEwuMaCEYwHwnXq0i9TzjITuFfhAor2biRsBX9SisH1g9mfJj6wd9
x-ms-exchange-antispam-messagedata: lN8bXLg3tm+uq0pR1T4NUwcJGh/PrQW+1ilYLTyYHdcQBwd+OriofwHLHZOqVTroqF909hNmdmCT6p/wYgIdGsToPagvVLWrFK14x3k3RjVSMAQxfb7+CF3vrrNcdVo+kmvqCWoq8eGdmHb6SO1FoA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; boundary="Apple-Mail=_F977C1C8-0407-4CAC-9541-741410300D50"; protocol="application/pgp-signature"; micalg="pgp-sha256"
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-Network-Message-Id: 852e385c-1108-4674-49f5-08d7ab04914e
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Feb 2020 13:00:40.0001 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Gfek95puQdWmh7vUKftIGNLdr5v6tR69wlRvBSUIRVO7v8xzwh7aCVZh/fO6IFrL
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR06MB4867
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/tOOhJIuRMLZDYlSH7w8tT8dRp08>
Subject: Re: [Model-t] Dependable, secure, flexible and extensible
X-BeenThere: model-t@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/model-t>, <mailto:model-t-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>
List-Post: <mailto:model-t@iab.org>
List-Help: <mailto:model-t-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/model-t>, <mailto:model-t-request@iab.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 13:00:44 -0000

Vielen Dank, Carsten - good thinking.

In which case, returning to Russ’ initial note and the question of scope: it seems to me to be appropriate for the threat model to include factors that are not *security* factors (in the sense of factors that deliver confidentiality, integrity and availability).  Now that I think about it a bit more: the CIA triad is usually applied to data rather than systems - and of course the confidentiality, integrity and availability of data depend on much more than the security of the system (application integrity, system integrity, system management, etc…).

Thanks again -
Robin


> On 5 Feb 2020, at 20:18, Carsten Bormann <cabo@tzi.org> wrote:
> 
> On 2020-02-05, at 18:33, Robin Wilton <wilton@isoc.org> wrote:
>> 
>> "Dependable, flexible and extensible" might legitimately be considered as “availability” pre-requisites,
> 
> It’s the other way around, availability is a component of dependability.
> (A system may be available, but not doing the right thing, which makes it less dependable.)
> 
> Flexible (capable of doing things that were not expected by the designer) and extensible (enabling designing in things that were previously not expected by the designer) are certainly on the “do the right thing” side as well.
> 
> Dependability may require accountability, including third-party verifiability, in addition to the properties in the CIA triad.
> 
> Grüße, Carsten
>

v2.23.0 | Report a Bug | By Email