Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Phillip Hallam-Baker <> Fri, 12 July 2019 01:22 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D0D20120086 for <>; Thu, 11 Jul 2019 18:22:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.106
X-Spam-Status: No, score=-0.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.247, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id b5xTQ13UvN6K for <>; Thu, 11 Jul 2019 18:22:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E81E1120020 for <>; Thu, 11 Jul 2019 18:22:57 -0700 (PDT)
Received: by with SMTP id l12so6080934oil.1 for <>; Thu, 11 Jul 2019 18:22:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9ecN4iBbnw+hXvnaekRcOElqsxLz1fQ2oWQJsrPq18M=; b=PKFjFFbzAeZmIl1+X1sOG5UrntYPZQpRoEy/s63f4TEkAztzY7jGVMUK+1lyRheoR6 mUhME/6ON9NQSCAWSRnZIZ/Wx6ONt0d+tsUsAH2r+yMM/O3uf+QX07kr0pW8VBLnZD6Y g+KzgPNamLmQWgTsKj7+O4XT0J1+c8+/gY7aF7hTk4WtB3bcg2p+r9y1N4iLOkVfNmhv vwodvUfF+DtmTF8vPrXqMaoFCP2XQdEIq3nf8NEJGMwZZV+bNiO3q2/BdbJQS3A/WNje ODJYD+iY4gBlM7elryJenQb/x6eZJy/3N/jBUn55eOZh69dW/22jOPS0eNIve+9BbjzD hAog==
X-Gm-Message-State: APjAAAWLvr31Q6WpgdfaR367vdEDcY4wvmHkZBkS4IJHSBJs5VeuSPe8 sV9fkhb3QBSClKhLYE5DftoNW9GO39Smh9DyUjU=
X-Google-Smtp-Source: APXvYqwSaGw2w0yO6HOBAxpEI5oNV7ssmnCozEbk8aVj0/glzfzjJXgim5n2GMY4oL6hKJV+1AChPUTQ+XP6wxpakc0=
X-Received: by 2002:aca:bfd4:: with SMTP id p203mr4533947oif.95.1562894576883; Thu, 11 Jul 2019 18:22:56 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Phillip Hallam-Baker <>
Date: Thu, 11 Jul 2019 21:22:47 -0400
Message-ID: <>
To: Bret Jordan <>
Cc: Dominique Lazanski <>,, IETF SecDispatch <>
Content-Type: multipart/alternative; boundary="000000000000139cb3058d71c04f"
Archived-At: <>
Subject: Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 12 Jul 2019 01:23:00 -0000

It is an interesting read. But I see a very important distinction that
needs to be made between compromise of user end points and compromise of
server end points.

Most breaches that occur are when an enterprise is penetrated and the
firewall is the first and last line of defense. So Percy the Pinhead clicks
on a link in an email and six hours later the attacker has root privilege
on the corporate server. This is not Percy's fault, the fault is that a
single mistake by a single employee results in compromise of data Percy was
never authorized to access.

So right now we have systems where one compromise at any one of 10,000
endpoints results in a breach.

Now lets consider using some 1980s style end to end cryptography. So that
the ultra important recipe data is only available to the dozen members of
group. This improves matters because we have reduced the points of
compromise from 10,000 cooks and service staff to 12 trusted employees.

That is a start but we are still vulnerable to a single end point
compromise so lets apply threshold cryptography so members of group W only
have one half of the decryption key, the other is on the server and both
halves of the key are needed to perform decryption. In this scenario, we
now require two separate compromises of two different end points.

On Wed, Jul 10, 2019 at 11:29 AM Bret Jordan <> wrote:

> Dominique,
> I have read over your draft, and I think it highlights some very key
> things we all need to look at and address. Thanks for putting these ideas
> down on paper.  Hopefully this I-D can help us all start a broader
> discussion to improve things.
> SMART / SecDispatch,
> If you have not yet read this I-D, I would encourage you to look at it.
> It is a very fast read.
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
> can not be unscrambled is an egg."
> On Jul 8, 2019, at 12:54 PM, Dominique Lazanski <>
> wrote:
> Cross posting to this mailing list.
> Dominique
> A new version of I-D, draft-lazanski-smart-users-internet-00.txt
> has been successfully submitted by Dominique Lazanski and posted to the
> IETF repository.
> Name:        draft-lazanski-smart-users-internet
> Revision:    00
> Title:        An Internet for Users Again
> Document date:    2019-07-08
> Group:        Individual Submission
> Pages:        12
> URL:
> Status:
> Htmlized:
> Htmlized:
> Abstract:
>   RFC 3552 introduces a threat model that does not include endpoint
>   security. In the fifteen years since RFC 3552 security issues and
>   cyber attacks have increased, especially on the endpoint. This
>   document proposes a new approach to Internet cyber security protocol
>   development that focuses on the user of the Internet, namely those
>   who use the endpoint and are the most vulnerable to attacks.
> --
> Smart mailing list
> _______________________________________________
> Secdispatch mailing list