Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

"Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com> Thu, 05 January 2023 20:43 UTC

From: "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
To: Dave Taht <dave.taht@gmail.com>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
CC: Eric Rescorla <ekr@rtfm.com>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>, "pearg@irtf.org" <pearg@irtf.org>, saag <saag@ietf.org>, "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
Thread-Topic: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
Thread-Index: AQHZIUZXb1atKCc/dEm21tqeJNhS5A==
Date: Thu, 05 Jan 2023 20:43:18 +0000
Message-ID: <DM4PR14MB5056A39F7CF98819EB061921E2FA9@DM4PR14MB5056.namprd14.prod.outlook.com>
References: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com> <764163366.39904.1672842828297@appsuite-gw2.open-xchange.com> <CABcZeBNA_nJ2waQVENUvEXro91wAYOcH0ZxWqbLH4hoKcGkosw@mail.gmail.com> <9658281.42904.1672912808774@appsuite-gw2.open-xchange.com> <CAA93jw4TDG05oaqM_p24=oy+bPnyTbgPn1JNdvV1WGjR4+rcFQ@mail.gmail.com>
In-Reply-To: <CAA93jw4TDG05oaqM_p24=oy+bPnyTbgPn1JNdvV1WGjR4+rcFQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/cTBXVfn4VjwJUHDsdC7SjnUWPfo>
Subject: Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

On 1/5/23, 8:44 AM, "ietf" <ietf-bounces@ietf.org> wrote:

>> There is a general feeling that the bigger threats to user privacy are now not in transit, but in or before the endpoints. So, the fact that the IETF does not want to consider threats in the endpoints is seen as additional evidence for the above.

>Not even threat, fact. It was bad enough when packets disappeared into
>proprietary firmware, nowadays you can't even take a packet capture
>directly from an iPhone/Android or Chromebook, transiting inside the
>endpoint.

This problem is brought on by the difference in where the demarcation point for zero trust actually falls.

As proposed conceptually, zero trust has the entire endpoint of each side completely under the control of each party, and they would have full visibility into what was going on and being sent. You protect you, I protect me, and we don’t worry about the delivery truck in between us.

However, in reality the implementations on the user side moved the content provider’s zero trust demarcation point to inside the user device, inside the application or browser application, and don’t provide any ability for the user to see or fully control the trust on their side of the relationship. The actual zero trust demarcation point isn’t at the network connection endpoint; it’s in a place on their device the user has no visibility into.

The wire transit may be better protected, but we should acknowledge that we’ve moved the problem, not completely solved it.

-glenn