Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Eliot Lear <> Mon, 15 July 2019 08:11 UTC

Cc: Stephen Farrell <>,, Kathleen Moriarty <>, Dominique Lazanski <>, IETF SecDispatch <>
To: Eric Rescorla <>

Hi Eric,

> On 14 Jul 2019, at 23:24, Eric Rescorla <> wrote:
> Similarly, I don't think that the kinds of botnet attacks described
> in Section 3 are out of scope for 3552, though I see how it could
> be read this way. However I think that the idea of a malicious
> counterparty is clearly in scope if we assume that the attacker
> controls the network.

When you say “network” do you mean the botnet or the wired network connecting devices? The former is where I and most people would argue most of the trouble stems from, since a great many attacks are coming from botted devices. I seem to recall that we shut down a botnet some time ago that had more devices than all of the Internet infrastructure at all major carriers combined (it was in the millions).

> Here too, I wouldn't expect 3552 to be deployed
> to preclude that kind of work; we have done plenty of anti-DoS work
> in IETF (whether it is good enough is a different story).

And I would expand that to cover not just DoS, but other forms of attack.

To your point on the E in IETF, I agree that there needs to be clarity on what E is needed. As I wrote elsewhere, I would be happy with quite a bit more R from the sister organization.