Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Eliot Lear <lear@cisco.com> Mon, 15 July 2019 08:01 UTC

From: Eliot Lear <lear@cisco.com>
Date: Mon, 15 Jul 2019 10:01:40 +0200
In-Reply-To: <AC7FADF1-A556-46AF-9A5C-F464AA4772B9@gmail.com>
Cc: Melinda Shore <melinda.shore@nomountain.net>, secdispatch@ietf.org, smart@irtf.org
To: Bret Jordan <jordan.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/TWPXnbAuU0m0BhYWVxVc7r50kjw>

Hi Bret,

> 
> 1) Is the content or content provider that the user is going to compromised and trying to attack the endpoint?
> 2) Is the content provider that the user is going to a stage 2 delivery site?
> 3) Is the content provider that the user is going to the location for outbound malicious content (data exfiltration, CnC traffic)?
> 4) Is the content provider that the user is going to adversely tracking and monitoring everything the end client does, aka active surveillance versus passive surveillance?
> 5) Is the remote site that the user did not go to attacking the end point?

While we tend to think of endpoints as being equivalent in class, in which case your use of the term "content provider" would be somewhat redundant, from a scaling perspective I am far more concerned about unwatched, unmanaged endpoints than I am about content services.  And again, to me it is a matter of what problems I think might be tractable.

Eliot