Re: [saag] NCSC Protocol Design Principles

Andrew S2 <andrew.s2@ncsc.gov.uk> Wed, 02 December 2020 13:46 UTC

Return-Path: <andrew.s2@ncsc.gov.uk>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 106B03A13F6 for <saag@ietfa.amsl.com>; Wed, 2 Dec 2020 05:46:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tWGm1jo9kVco for <saag@ietfa.amsl.com>; Wed, 2 Dec 2020 05:46:09 -0800 (PST)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-eopbgr100097.outbound.protection.outlook.com [40.107.10.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6D683A13F2 for <saag@ietf.org>; Wed, 2 Dec 2020 05:46:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fXzUw2O8DBH0OI6hNA3nFstb/uSO0lEXgeKxiBIyON/3+IflibpDj4G2gh2YGIltqEIrYVfYh9DEBslkyVxxn1xbAkr2jfzihLeXLsl242tsAE/s/7RU+sfE+yxuOno3mvxHZw9oe/M7C6kXSJmH2GwLw7xKKOKIei4lgpV5wNjGWc49plzrOJLLHPtCweoG2FHbQRU6ZQduzTnvbgveBBG0D1mccfSKtMc7WDsFBebmsE97gif3yvstV1t12/TE7IgdoLuUvfCPvLdQZwo9B6OmKaSNRJs+vSlJb1VNuhkFRl3mr6ByJ4/LYnl2bNuykjefFRRLDI3/dN9mADd5Jw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lJDr6axFEa1WINPhxypy80AgjZeVNkFuxEEA2acGpJI=; b=Wl25FGoVxizTnj+eBj/VMQYfKcaVXfd3AmJp1vlXNqOeUpCaUGAVSCbMRUV8c1e5ArW5umI23TnuM1kjZFdxpIdLEdb6b2/7Fr42LCzWkwDx1jnCJA6dQJYeud+zfO+P3gM43sOWc3sn8KRueqpGtaDWg2bou/AfCh/jDnSaTzwkOVqanOvl1G10ivuN8ihQDQ3X1CnGraTwXoDf58tVMBnmQ3xZE7Hh7DCD6hWfkyM3uV8sopDVqFADpV1s7KcIgUxdUK/LrPH/xsi7s+b/8S08foJZFVH4yJrg5MKoZ6mClcYtrpQSg04UF+iW9h9wydEeYnaleMMCBnAf6EYzFQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ncsc.gov.uk; dmarc=pass action=none header.from=ncsc.gov.uk; dkim=pass header.d=ncsc.gov.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lJDr6axFEa1WINPhxypy80AgjZeVNkFuxEEA2acGpJI=; b=Tc9Sxi07WjjF6VAjWMNVPQRCXPi2qIjO4J39y2uxd/RdKDIsyNX+gur9pH4Zj+/iK6E6N0iq2rTUtRYIEsnjCG2tMMRHcLf3sa9sNVhhkdRaJOU/2GeawawYouY7cHdafShF1CWbRu5azmOxwHj6bOLLN6DJB6mtByld5TOVj5nx6Vw2zO5ZqxmdaFeCP0jMXLc+Uutc4SZCtw9lp5iWkezOhYFTLNRDb3Q3oYv6svgvkRmEdV/4ONoXSGB89/n+VhV8aWk5xrj/SogsyReZj84kPRztc6XGrCIdzFJct7xBDxKhb7hvZEi2t260TjBoCLpV4JzExmNmiRUGagjmoQ==
Received: from LO3P123MB3547.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:bd::12) by LOYP123MB2816.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:ef::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.18; Wed, 2 Dec 2020 13:46:06 +0000
Received: from LO3P123MB3547.GBRP123.PROD.OUTLOOK.COM ([fe80::548a:ea39:b548:4be0]) by LO3P123MB3547.GBRP123.PROD.OUTLOOK.COM ([fe80::548a:ea39:b548:4be0%7]) with mapi id 15.20.3611.033; Wed, 2 Dec 2020 13:46:06 +0000
From: Andrew S2 <andrew.s2@ncsc.gov.uk>
To: "saag@ietf.org" <saag@ietf.org>, "model-t@iab.org" <model-t@iab.org>
Thread-Topic: NCSC Protocol Design Principles
Thread-Index: AdbIrSOpOjfBozarTB+kE/htjVffyAABBbwA
Date: Wed, 2 Dec 2020 13:46:06 +0000
Message-ID: <LO3P123MB354717F600B9161C20C5EF1EE3F30@LO3P123MB3547.GBRP123.PROD.OUTLOOK.COM>
References: <LO3P123MB3547597EF58E8A0654158884E3F30@LO3P123MB3547.GBRP123.PROD.OUTLOOK.COM>
In-Reply-To: <LO3P123MB3547597EF58E8A0654158884E3F30@LO3P123MB3547.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ncsc.gov.uk;
x-originating-ip: [51.132.68.128]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f16e390c-d05f-4dcb-8f07-08d896c89e4e
x-ms-traffictypediagnostic: LOYP123MB2816:
x-microsoft-antispam-prvs: <LOYP123MB2816CA9B00352CE6ADFC6747E3F30@LOYP123MB2816.GBRP123.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: iyvBHYyNtepcVDb8dj1xGYmS/kv7yjZspFwHPDw9wqohpDkg8cn789HUvbWQVJEENA/tp7xowFnG8oT/pSQ30kJ5yb1JSjayzOvf6El8rd0QLciawJDe2dbJ5/deDW3qTB5X2qOjNDBxaBud+00n20jhHoywuNkYLhI7al7cni+2+3lzlIX+I8qkkiMMCa09DPbjnVBJOhtL6hs4KhZm43bi2TVpHmRBG1NOjJgejP5ccRPZirLPb0Jyy9cvYSwlBr8LN0qEcJC4jgH3daIjgwtCBQMPict06QzlZnnl5d+5Ctzlo+LoTUhilVdcYPoWc+h4jHmoOwq3BcmEf/33F9jgAnrdTBHNAnhacdqP1sO27EkoNBe+x2G37RefFiHrvVHrzySy/NPtHQqWi1fv+Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:LO3P123MB3547.GBRP123.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(396003)(39850400004)(136003)(346002)(376002)(366004)(110136005)(316002)(966005)(71200400001)(186003)(86362001)(26005)(6506007)(53546011)(478600001)(2940100002)(33656002)(7696005)(166002)(8676002)(55016002)(66574015)(83380400001)(9686003)(66946007)(3480700007)(66446008)(66476007)(66556008)(76116006)(8936002)(64756008)(2906002)(5660300002)(52536014); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?iZ9jjZF7YIPgkVPsQxHaHKiuUJ2fUGHb9bG8SNeRyczl9yTyBIzxOGdY1VZ0?= =?us-ascii?Q?12nRTHEWQSPJMRU7KUr/CjOL7vU51zlDpmRmuOgOOaALjj6QqXnopfPzqB2N?= =?us-ascii?Q?yzd0IxmtdiGTLX4cp+oTFADzuXH0x0eyr83X3Y2H2yfDbL+Sanys00iixEFZ?= =?us-ascii?Q?JUCQpAfjM8eVCx4fUzJOWIK/WxYULqZ3NI+gVV9BOXMZW3ZG0N5ziPAFl0JQ?= =?us-ascii?Q?dluLtBVUIihK09L5MiG9JjNg6QvVswZ9+iSyomVWATUUon0mfwsKZEiaaO2X?= =?us-ascii?Q?5SPg/O7lxh6Mkbp1ByAV8VrTHvDAkyRAhtz2gssUvdiliceTgwctonuc836X?= =?us-ascii?Q?8t7GbdduRyTJApi8zCd4NaT3ZvaaL/AxpriyyKvQtpoJLTNzPSwsVTl+DEiV?= =?us-ascii?Q?LzmDx2w/ycKzPk1QREy9pEWiv5+N2G6nznVyyGaojLRZ/2wVLBGcSSqZ45zK?= =?us-ascii?Q?372GVqKvnnN9E9PPuHRpKl98PiPv0+86d4D3jBVU9Spc1QzL57DFz9jh11Wb?= =?us-ascii?Q?M0uJ8KSndxokOtiq+kkpQ/gfwkix6QW3mQ/B/miqvBuC5bJ7WXF3FuV7482J?= =?us-ascii?Q?0YvQjexb2zQbUNHR7hbFr4MmG8IH3oEbjPEaaZXhL6sDaCnvT5tCmPshIIwr?= =?us-ascii?Q?lbYN+ZL9nLCBbfsV1xCJ8Ik+KWhIOIpG1tX5N2AXoXh7P1VoeOwu2lQajwPr?= =?us-ascii?Q?V0SsEEy4Nnswb+8xteRnFQuwOWcH2f2Kd3rqMzkTC3jeuJJ/9Ijwp7kPP6Sl?= =?us-ascii?Q?fH0hPm9Iw71QtuHPWmylFXFHxpLfEYeAC7ODeOiH1ZpGWZogvqfAlkWEoX6S?= =?us-ascii?Q?/oPOcKmXI9YU/xoL/wWX9StDIvKjaN/jqJwW6DGEgBCJIKz5J+gIRZDOv/Fv?= =?us-ascii?Q?bnov0/Lps1elqMbRejl6SPHWoz7BYoAhsk84Yim8jCLa3skipAMCZswdkj9i?= =?us-ascii?Q?c+vBFV82xcFBV6AjT4E4hZABKw4jjqEiom0DlhSIhG8=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_LO3P123MB354717F600B9161C20C5EF1EE3F30LO3P123MB3547GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO3P123MB3547.GBRP123.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: f16e390c-d05f-4dcb-8f07-08d896c89e4e
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Dec 2020 13:46:06.5752 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: mVPelwd1nENr4Km39mjuwGgtIUZLm7lbcNmtkqo6s9RmoMpS0c5BdPVUZd7j+pdOaszK/nLDleMHWo58isP3qQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LOYP123MB2816
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5fHjLSEX2cmoxyZ5cI-vOWlEhJY>
Subject: Re: [saag] NCSC Protocol Design Principles
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 13:46:11 -0000

Apologies for the broken links, the links below should work correctly.

Andrew

From: Andrew S2
Sent: 02 December 2020 13:42
To: saag@ietf.org; model-t@iab.org
Subject: NCSC Protocol Design Principles


Hi all,



NCSC published its Protocol Design Principles white paper this week: https://www.ncsc.gov.uk/whitepaper/protocol-design-principles. These principles have been written with the primary aim of helping protocol designers consider a range of issues relevant to security, but also to aid deployers and implementers in assessing protocols. The principles put user needs at the heart of the design process.



The paper outlines some of the major changes that have taken place with the internet over recent years, and outlines motivating goals for user security. In the context of these changes, and security goals, the paper defines three main principles:

1.                      Prioritise the use case

2.                      Keep it simple

3.                      Think about the bigger picture

Each of these includes detailed sub-principles that aim to help designers meet the motivating security goals in today's technology landscape.



Our goal of seeing protocols designed securely for the internet naturally has parallels with the IETF's work and, in particular, this white paper could be of interest to the IAB's model-t programme. The key first step in designing a protocol securely is, as we cover in the paper, to define the threat model it operates in.



We believe this paper will be of particular interest to those involved in model-t as well as the security area more widely.



We hope you find these principles useful, and we welcome any feedback, either by email to pdpfeedback@ncsc.gov.uk<mailto:pdpfeedback@ncsc.gov.uk> or via our GitHub page at https://github.com/ukncsc/protocol-design-principles.



Many thanks,

Andrew











This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk. All material is UK Crown Copyright (c)