Re: [quicwg/base-drafts] Add initial threat model appendix (#2925)

Mike Bishop <> Wed, 04 September 2019 17:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5CAFD120B72 for <>; Wed, 4 Sep 2019 10:58:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FKbl915tEcvv for <>; Wed, 4 Sep 2019 10:57:59 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5C371120B61 for <>; Wed, 4 Sep 2019 10:57:59 -0700 (PDT)
Date: Wed, 04 Sep 2019 10:57:58 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1567619878; bh=dX+n1HnAGqcxk3IHbec/C0iRBmp+GdsX8YK7nrBQKok=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Jp7e1xZs9Mnki6YC5twHdmP0u5lVj6OmU9fvMUDTYTi5FIhXXY+ZfBYXL+Y43t8zu usd2k4byUtcRuaFmDk4IpuI5iJaWt+VwecgogjoCV9JghXKpp9oVBo1PVF7uCSCr8h LqA7C0rqji3+BPgpedYKRrOGEz4BQ6QGV5Yg/QOI=
From: Mike Bishop <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2925/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add initial threat model appendix (#2925)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d6ffb2648d68_596e3fbefe2cd95c2984ce"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 04 Sep 2019 17:58:10 -0000

MikeBishop commented on this pull request.

> @@ -5753,13 +5753,184 @@ DecodePacketNumber(largest_pn, truncated_pn, pn_nbits):
    return candidate_pn
+# Overview of Security Properties {#security-properties}

It seems worth excerpting RFC 3552:
> While it is not a requirement that any given protocol or system be immune to all forms of attack, it is still necessary for authors to consider as many forms as possible.  Part of the purpose of the Security Considerations section is to explain what attacks are out of scope and what countermeasures can be applied to defend against them.
> There should be a clear description of the kinds of threats on the described protocol or technology.  This should be approached as an effort to perform "due diligence" in describing all known or foreseeable risks and threats to potential implementers and users.
> Authors MUST describe
>    1.   which attacks are out of scope (and why!)
>    2.   which attacks are in-scope
>          1.  and the protocol is susceptible to
>          2.  and the protocol protects against
> At least the following forms of attack MUST be considered:  eavesdropping, replay, message insertion, deletion, modification, and man-in-the-middle.  Potential denial of service attacks MUST be identified as well.  If the protocol incorporates cryptographic protection mechanisms, it should be clearly indicated which portions of the data are protected and what the protections are (i.e., integrity only, confidentiality, and/or endpoint authentication, etc.).  Some indication should also be given to what sorts of attacks the cryptographic protection is susceptible.  Data which should be held secret (keying material, random seeds, etc.) should be clearly labeled.

In other words, this reads a lot like a Security Considerations section.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: