Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Eric Rescorla <ekr@rtfm.com> Mon, 15 July 2019 11:32 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C14CA120098 for <secdispatch@ietfa.amsl.com>; Mon, 15 Jul 2019 04:32:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ClmXnImG1CR for <secdispatch@ietfa.amsl.com>; Mon, 15 Jul 2019 04:32:38 -0700 (PDT)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA778120077 for <Secdispatch@ietf.org>; Mon, 15 Jul 2019 04:32:37 -0700 (PDT)
Received: by mail-lj1-x231.google.com with SMTP id t28so15795734lje.9 for <Secdispatch@ietf.org>; Mon, 15 Jul 2019 04:32:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=U8ozZZyh4ljfD75AvyK62E63F88X745s9RGGlFyDHsc=; b=Ff5x4rhv8in9Rvih9hoFFJSCoQquvMDCK9IvN4pWrddBssVSOB+8DbTbV/ZdBDxmeY rnXGiA183aDbj+WOuCMAjTS3TJRo9paSOET7eqprldCPksMvPj5/ebOtPy5DgLwH05Eo ciUvmZ0JWG7OfmUGK3kP07tvU0MnI60lpxjQ827gsoS2Z9sVgDqiY5MbfidUmkvihtZw StwBSz/U/jPkgVfLmkaWlHMbmG4ANOv6UUTvSF9RHpiBEr5uXTvLXTYhPgsvS7Bx5vR0 qJFvF9S/fBcgNJEb6FoSg5U8TqbI0UBYMMATd4x3zUSSKjI3CkeywEGz1UXAZZFtS5aq zKIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=U8ozZZyh4ljfD75AvyK62E63F88X745s9RGGlFyDHsc=; b=hv/nYShtsc150a8MR+YvVTsE78aWJgGU7Y7+OuYOYrFEm6717Xy0Bte4EMZ0e9ViIv ffxPiwUuphziNI0eCvaWCVXXOd+P3PXDLbmAjcVhCdAojo/1XHry/+W9r3q8SNH7i7WE LHMNztBj3hZ92M/PxT490wsmuM9xqaOqyGjjqRsRbWT8dA5AxreHcZ8nxJX4gbUZNgpw lNRWAjHmhSKoi80xeyH3P9pkx7+Bt/FjbdzI5C9WMCGba5HyncczpYLqwvhmGHmgj3OI Kg1mOqCa3VyBYHJ+y+CqRjpHgrhIoIx7B4uaDSVZyTMUgJ4JSFjiC2G3+StPuSUYrOYR WGLg==
X-Gm-Message-State: APjAAAULGZSuqBv4SigAykGxs0iTpbKEwn6Lgaj4+cNfvN6WzTMYg2G/ cINEf4N2FKEvl+KpM3z/UeB925NS63fZRg0gSOg=
X-Google-Smtp-Source: APXvYqx7Y+YwVvkVrC0bZbS7FvcR+lEFi2yqWoNatPF0h+R+JmS3o6Syh0P4af3167Qqf3QGFI6hF8ZckXniMneD7Lk=
X-Received: by 2002:a2e:9cd4:: with SMTP id g20mr13068538ljj.205.1563190356173; Mon, 15 Jul 2019 04:32:36 -0700 (PDT)
MIME-Version: 1.0
References: <0A8948DB-F97C-4F68-9173-7E627FB5019C@lastpresslabel.com> <4B10655B-8753-4B10-ACC9-16D7F78AD9F9@gmail.com> <CAMm+Lwh3KW6ZBbMktwmLcKyY8=_ysLYJF_7MsAuiOat6baQ=Kg@mail.gmail.com> <B551EF79-7E6E-4C4E-ADCA-6538F7972222@gmail.com> <CAMm+Lwg+2RFiXK43nJv7pD3OgM8y=ziVYxBkXD3F2kJyz37SxQ@mail.gmail.com> <50E59504-CA00-4792-AA72-FC08051E2486@gmail.com> <CAHbuEH5WUv-a4nKt5YAZosO-vE773Jh3xn1+-hA=4J7RBERc3g@mail.gmail.com> <78ccb680-9ccb-f13f-0442-02833cc7cc92@cs.tcd.ie> <CABcZeBNwmitpkJn0fCbNHOJtJ25yXdk6i6U9wK0a-9hwK1Tqcw@mail.gmail.com> <D484DBE1-8136-42C6-882C-307DC48E06DE@cisco.com>
In-Reply-To: <D484DBE1-8136-42C6-882C-307DC48E06DE@cisco.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 15 Jul 2019 04:31:58 -0700
Message-ID: <CABcZeBPrhs+UmWgEu7M8g_6j3+Yzp0+wkz0_OTtvnuUmCUFwSw@mail.gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, smart@irtf.org, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Dominique Lazanski <dml@lastpresslabel.com>, IETF SecDispatch <Secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e58d53058db69dc7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/AtONyS6t2o-Yz5hpqSHR-PExfhM>
Subject: Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 11:32:40 -0000

On Mon, Jul 15, 2019 at 1:11 AM Eliot Lear <lear@cisco.com> wrote:

> Hi Eric,
>
> On 14 Jul 2019, at 23:24, Eric Rescorla <ekr@rtfm.com> wrote:
>
> Similarly, I don't think that the kinds of botnet attacks described
> in Section 3 are out of scope for 3552, though I see how it could
> be read this way. However I think that the idea of a malicious
> counterparty is clearly in scope if we assume that the attacker
> controls the network.
>
>
>
> When you say “network” do you mean the botnet or the wired network
> connecting devices?
>

Well, from the perspective of the receiver of traffic, these are kind of
the same thing, because you're just receiving packets.

I agree it's a bit of an awkward fit, and I wish 3552 talked more about
compromised counterparties -- this is mostly due to my comsec orientation,
I agree -- but I'm not sure that it would change what work we do...

-Ekr

 The former is where I and most people would argument most of the trouble
> stems from: since a great many attacks are coming from batted devices.  I
> seem to recall that we shut down a botnet some time ago that had more
> devices than all of the Internet infrastructure at all major carriers
> combined (it was in the millions).
>



>
> Here too, I wouldn't expect 3552 to be deployed
> to preclude that kind of work; we have done plenty of anti-DoS work
> in IETF (whether it is good enough is a different story).
>
>
>
> And I would expand that to cover not just DoS, but other forms of attack.
>
> To your point on the E in IETF, I agree that there needs to be clarity on
> what E is needed. As I wrote elsewhere, I would be happy with quite a bit
> more R from the sister organization.
>
> Eliot
>
>