Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Eliot Lear <lear@cisco.com> Mon, 15 July 2019 08:11 UTC

Return-Path: <lear@cisco.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 674D412001E for <secdispatch@ietfa.amsl.com>; Mon, 15 Jul 2019 01:11:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5x7csB7OuF5D for <secdispatch@ietfa.amsl.com>; Mon, 15 Jul 2019 01:11:35 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B90EC12007A for <Secdispatch@ietf.org>; Mon, 15 Jul 2019 01:11:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9825; q=dns/txt; s=iport; t=1563178294; x=1564387894; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=i+2SHSKPSv+QfCMIt13BeZ0drGNb0wLhXfzBkt/EccA=; b=k/FRo8OCx2MzUzODXKjffw1DHTorv4Kn0BQoEi7Yyj7Dl5B5RzS8bh80 Lj7dBXBZtnBBx0jxN66/WerjNXUfjbNptFHjU68nKeNFS6/ev7soSFtdP pYSPpNp+hDH86bi9vCv1w/JzxG+cVAEb3ZsVIPrF7kpoHkXj9P8DxXKmW 8=;
X-Files: signature.asc : 195
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ADAAAzNCxd/xbLJq1lGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBUwQBAQEBAQsBgRSCPQEgEiiEHIgcX4tTJYczi0eGA4F?= =?us-ascii?q?7AgcBAQEJAwEBLwEBhEACgwM0CQ4BAwEBBAEBAgEFbYVIhUoBAQEBAgEjRBA?= =?us-ascii?q?CBQsLDgoqAgJXBhODIgGBew+qLoEyhUeEZBCBNAGBUIdFgmCBf4E4DBOCHi4?= =?us-ascii?q?+h04ygiYElHGVcgmCG4IfgQyQYRuCLYsxiiyheoMLAgQGBQIVgVA4PoEaMxo?= =?us-ascii?q?IGxVlAYFZaD6COo4PPQMwkCsBAQ?=
X-IronPort-AV: E=Sophos;i="5.63,493,1557187200"; d="asc'?scan'208,217";a="14250137"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 15 Jul 2019 08:11:32 +0000
Received: from ams3-vpn-dhcp3718.cisco.com (ams3-vpn-dhcp3718.cisco.com [10.61.78.134]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x6F8BVof017424 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 15 Jul 2019 08:11:32 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <D484DBE1-8136-42C6-882C-307DC48E06DE@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_EA31B6AB-BD70-49D7-B596-EB987AA88125"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Mon, 15 Jul 2019 10:11:30 +0200
In-Reply-To: <CABcZeBNwmitpkJn0fCbNHOJtJ25yXdk6i6U9wK0a-9hwK1Tqcw@mail.gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, smart@irtf.org, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Dominique Lazanski <dml@lastpresslabel.com>, IETF SecDispatch <Secdispatch@ietf.org>
To: Eric Rescorla <ekr@rtfm.com>
References: <0A8948DB-F97C-4F68-9173-7E627FB5019C@lastpresslabel.com> <4B10655B-8753-4B10-ACC9-16D7F78AD9F9@gmail.com> <CAMm+Lwh3KW6ZBbMktwmLcKyY8=_ysLYJF_7MsAuiOat6baQ=Kg@mail.gmail.com> <B551EF79-7E6E-4C4E-ADCA-6538F7972222@gmail.com> <CAMm+Lwg+2RFiXK43nJv7pD3OgM8y=ziVYxBkXD3F2kJyz37SxQ@mail.gmail.com> <50E59504-CA00-4792-AA72-FC08051E2486@gmail.com> <CAHbuEH5WUv-a4nKt5YAZosO-vE773Jh3xn1+-hA=4J7RBERc3g@mail.gmail.com> <78ccb680-9ccb-f13f-0442-02833cc7cc92@cs.tcd.ie> <CABcZeBNwmitpkJn0fCbNHOJtJ25yXdk6i6U9wK0a-9hwK1Tqcw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-Outbound-SMTP-Client: 10.61.78.134, ams3-vpn-dhcp3718.cisco.com
X-Outbound-Node: aer-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/ArZrr_2GWubO5043AgdjndXkU2U>
Subject: Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 08:11:37 -0000

Hi Eric,

> On 14 Jul 2019, at 23:24, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> Similarly, I don't think that the kinds of botnet attacks described
> in Section 3 are out of scope for 3552, though I see how it could
> be read this way. However I think that the idea of a malicious
> counterparty is clearly in scope if we assume that the attacker
> controls the network.


When you say “network” do you mean the botnet or the wired network connecting devices?  The former is where I and most people would argument most of the trouble stems from: since a great many attacks are coming from batted devices.  I seem to recall that we shut down a botnet some time ago that had more devices than all of the Internet infrastructure at all major carriers combined (it was in the millions).

> Here too, I wouldn't expect 3552 to be deployed
> to preclude that kind of work; we have done plenty of anti-DoS work
> in IETF (whether it is good enough is a different story).


And I would expand that to cover not just DoS, but other forms of attack.

To your point on the E in IETF, I agree that there needs to be clarity on what E is needed. As I wrote elsewhere, I would be happy with quite a bit more R from the sister organization.

Eliot