Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Bret Jordan, Mon, 15 July 2019 00:24 UTC

Hi Eliot.

There are a few additional questions to consider, that are more relevant, IMO:

> To your point below, there are three questions we can ask:
> Is the device known to be compromised?
> Is the device not known to be compromised?
> Is the device in a known good state?

1) Is the content or content provider that the user is going to compromised and trying to attack the endpoint?
2) Is the content provider that the user is going to a stage 2 delivery site?
3) Is the content provider that the user is going to the location for outbound malicious content (data exfiltration, CnC traffic)?
4) Is the content provider that the user is going to adversely tracking and monitoring everything the end client does, aka active surveillance versus passive surveillance?
5) Is the remote site that the user did not go to attacking the end point?

All of this is network based / Internet based. Protocol designs can help make it much more difficult for threat actors, crime syndicates, and intrusion sets to be as effective.

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."