[Secdispatch] Fwd: IAB Workshop Call for Papers: Design Expectations vs. Deployment Reality

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 15 April 2019 14:04 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Date: Mon, 15 Apr 2019 14:04:07 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/mATOWBTgTe1yhs3yapnkLuR_Mj8>

FWIW: This might be a good workshop for those working on IoT security

Will you have to run EDHOC over TLS to get it deployed in real world networks?

From: IAB Chair <iab-chair@iab.org>
To: ietf@ietf.org, ietf-announce@ietf.org, execd@iab.org
Subject: IAB Workshop Call for Papers: Design Expectations vs. Deployment Reality
Date: Fri, 12 Apr 2019 11:28:40 -0700

Design Expectations vs. Deployment Reality in Protocol Development

A number of protocols have presumed specific deployment models during the development or early elaboration of the protocol. Actual deployments have sometimes run contrary to these early expectations when economies of scale, DDoS resilience, market consolidation, or other factors have come into play. These factors can result in the deployed reality being highly concentrated.

This is a serious issue for the Internet, as concentrated, centralized deployment models present risks to user choice, privacy, and future protocol evolution.

On occasion, the differences to expectations were almost immediate, but they also occur after a significant time has passed from the protocol’s initial development.

Examples include:

  • Email standards, which presumed many providers running in a largely uncoordinated fashion, but which have seen both significant market consolidation and a need for coordination to defend against spam and other attacks. The coordination and centralized defense mechanisms scale better for large entities, which has fueled additional consolidation.
  • The DNS, which presumed deep hierarchies but has often been deployed in large, flat zones, leading to the nameservers for those zones becoming critical infrastructure. Future developments in DNS may see concentration through the use of globally available common resolver services, which evolve rapidly and can offer better security. Paradoxically, concentration of these queries into few services creates new security and privacy concerns.
  • The Web, which is built on a fundamentally decentralized design, but which is now often delivered with the aid of Content Delivery Networks. Their services provide scaling, distribution, and Denial of Service prevention in ways that new entrants and smaller systems operators would find difficult to replicate. While truly small services and truly large ones may operate using only their own infrastructure, many others are left with the only practical choice being the use of a globally available commercial service.

Similar developments may happen with future technologies and services. For instance, the growing use of Machine Learning technology presents challenges for distributing effective implementation of a service throughout a pool of many different providers.

In RFC 5218 the IAB tackled what made for a successful protocol. In RFC 8170, the IAB described how to handle protocol transitions. This workshop will explore cases where the initial system design assumptions turned out to be wrong, looking for patterns in what caused those assumptions to fail (e.g., concentration due to DDoS resilience) and in how those failures impact the security, privacy, and manageability of the resulting deployments.

While the eventual goals might include proposing common remediations for specific cases of confounded protocol expectations, the IAB is currently inviting papers which:
  • Describe specific cases where systems assumptions during protocol development were confounded by later deployment conditions.
  • Survey a set of cases to identify common factors in these confounded expectations.
  • Explore remediations which foster user privacy, security and provider diversity in the face of these changes.

Important Dates

The workshop will be held June 4-5 in Helsinki, Finland.

Position papers must be submitted by May 3rd at the latest. The program committee will review submitted position papers and send an invitation to the workshop to one of the paper authors. Invitations will be distributed by May 9 at the latest.

Position Paper Requirements

Interested parties must submit a brief document of one to four pages, formatted as HTML, PDF, or plain text. We welcome papers that describe existing work, answers to the questions listed above, new questions, write-ups of deployment experience, lessons-learned from successful or failed attempts, and ideally a vision towards taking deployment considerations better into account when designing new Internet technology. Re-submissions from work presented elsewhere are allowed.

Program Committee

The following persons are IAB contacts for this workshop:
    Jari Arkko
    Stephen Farrell
    Ted Hardie
    Christian Huitema
    Melinda Shore
    Brian Trammell

Position papers should be sent by email to dedr-pc@iab.org.

mjm

Marie-Jose Montpetit, Ph.D.
mariejo@mit.edu
marie@mjmontpetit.com
+1-781-526-2661
@SocialTVMIT

