Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Bret Jordan <> Fri, 12 July 2019 16:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8B807120140 for <>; Fri, 12 Jul 2019 09:05:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Me_PnUZgoiRp for <>; Fri, 12 Jul 2019 09:05:00 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::62c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 676D0120134 for <>; Fri, 12 Jul 2019 09:05:00 -0700 (PDT)
Received: by with SMTP id b7so4981356pls.6 for <>; Fri, 12 Jul 2019 09:05:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=CJmvHHHj6oXs/IVdWWV/CQRvOj7BxTs3avEYx5Qu6CQ=; b=L4YlFgqixq3hiq8F+Qk1mkbM1JIyo69EDFCMy5W7wXTIqR2UMQ3jX6R6+gSJP74uuV cvCwBy4q6GFZLMdNL52cNzga2BvepohOzj3r9U91uTTkTO9viSP9OpSuzBFOmhxbq24F t1fpBURfLLfRA0AIWLzxmSJ3ej0gk/ZDN1D3a02d6I1cKxtv+bzcWXx5h+fxnTO0XrZK +tlExJjapPE9xwncWQ8Mba4AnmJWnjKunSsrvjRi26PAMcI0eZbw8FpE/Ib3izoxv73V G0YpIn/zpS8EXP1kjTRxzv1p578Xke4q0UYqTFAVc8XxTeNOMp1zftA26IfaAhKC40y9 YqgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=CJmvHHHj6oXs/IVdWWV/CQRvOj7BxTs3avEYx5Qu6CQ=; b=G/dliW1VJhzZgWTPfqRkLbiEOpRj96RlkOOfUYmSK2vF5Ww1fYImO2tEw54F3hT9IU yfjLn3bJWMgi2yCRc8UbkBk6W4putmpQrGRX7tbmCphGSKVpzJ/HMyAdszFavuhM6E1G 2QtNjhHoTQuH+Cju1DADv+OuGInRaVJt0thLLA93AC31A3MHY/3Xl3mnQ4127IsvNh6i Y/sQhMICyKdWq5SDUOAxZd2B4rxR0H5v0RQZRrAfvfSp7ONkTG5IDkpppEshyOtgSFwi SfPJ90qqNZGz01QZ5gjjovpMDQjZGAI4S+lCcZlyhsQ2zLAQTHVe5qdBxp6Hz4vWYa3c nzkA==
X-Gm-Message-State: APjAAAV21D2I0VwW98ivZM8dpuwJrPiEM09674BK83VEsQNLdbdTQ/4z wsteYRCAkBWZLmz9pHMOPmM=
X-Google-Smtp-Source: APXvYqxjfOLBSU8Qo3vAYo3xwytxMOTHp9omSTf1XyHqf8hpVNqtZCmB7I+LRntUnuXQKpqHJuEC1w==
X-Received: by 2002:a17:902:28e9:: with SMTP id f96mr11839192plb.114.1562947499868; Fri, 12 Jul 2019 09:04:59 -0700 (PDT)
Received: from ?IPv6:2605:a601:a990:4d00:515e:2123:8528:f4f5? ([2605:a601:a990:4d00:515e:2123:8528:f4f5]) by with ESMTPSA id m4sm17770645pff.108.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Jul 2019 09:04:58 -0700 (PDT)
From: Bret Jordan <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3BBA3A5F-9FBC-4AFB-897F-6ACC2E24EF91"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Fri, 12 Jul 2019 10:04:55 -0600
In-Reply-To: <>
Cc: Dominique Lazanski <>,, IETF SecDispatch <>
To: Phillip Hallam-Baker <>
References: <> <> <>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <>
Subject: Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 12 Jul 2019 16:05:03 -0000

Unfortunately I think you are misunderstanding the attack surface how attacks can work and wrongfully assume how threat actors and intrusions sets operate.  It is not always about exfiltrating your super secret “recipe" as you call it.  So database encryption will not always help you, nor will putting your database on a block chain. Yes, it can reduce the attack surface or exposure of your data under legitimate use. But once the server is compromised, the attacker can simply pull decrypted information from memory. Or can continue to move laterally through the organization and pull the data of endpoints that do have access to the data.  Further, the threat actor may not be interested in exfiltrating the data at all.  But may simply be interested in using your “1980s” crypto as you call it to encrypt your database with their own key.  This attack is commonly called Ransomware. 

The key point is that you can not patch your way into security.  This is a common misunderstand that many people have outside of operational security.  End points are always weak and highly vulnerable to attack.  It does not matter if they are end user devices, servers, IoT devices, or components soldered in to SCADA systems.

I would encourage you to look at the MITRE ATT&CK framework to better understand how these attacks work and how threat actors can disrupt, exfiltrate, and destroy a company. 

We have to realize that the security model has changed since some of these documents were written. Yes, pervasive monitoring of users on the internet is a problem, but it is only 1 piece of a large pie of problems.  We in the IETF need to communicate better with operational security, so that we can design solutions that hollistically help improve security and not make one part better at the huge expense of everything else. 

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Jul 11, 2019, at 7:22 PM, Phillip Hallam-Baker <> wrote:
> It is an interesting read. But I see a very important distinction that needs to be made between compromise of user end points and compromise of server end points.
> Most breaches that occur are when an enterprise is penetrated and the firewall is the first and last line of defense. So Percy the Pinhead clicks on a link in an email and six hours later the attacker has root privilege on the corporate server. This is not Percy's fault, the fault is that a single mistake by a single employee results in compromise of data Percy was never authorized to access.
> So right now we have systems where one compromise at any one of 10,000 endpoints results in a breach. 
> Now lets consider using some 1980s style end to end cryptography. So that the ultra important recipe data is only available to the dozen members of group. This improves matters because we have reduced the points of compromise from 10,000 cooks and service staff to 12 trusted employees.
> That is a start but we are still vulnerable to a single end point compromise so lets apply threshold cryptography so members of group W only have one half of the decryption key, the other is on the server and both halves of the key are needed to perform decryption. In this scenario, we now require two separate compromises of two different end points.
> On Wed, Jul 10, 2019 at 11:29 AM Bret Jordan < <>> wrote:
> Dominique,
> I have read over your draft, and I think it highlights some very key things we all need to look at and address. Thanks for putting these ideas down on paper.  Hopefully this I-D can help us all start a broader discussion to improve things.
> SMART / SecDispatch,
> If you have not yet read this I-D, I would encourage you to look at it.  It is a very fast read. 
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
>> On Jul 8, 2019, at 12:54 PM, Dominique Lazanski < <>> wrote:
>> Cross posting to this mailing list.
>> Dominique 
>> A new version of I-D, draft-lazanski-smart-users-internet-00.txt
>> has been successfully submitted by Dominique Lazanski and posted to the
>> IETF repository.
>> Name:        draft-lazanski-smart-users-internet
>> Revision:    00
>> Title:        An Internet for Users Again
>> Document date:    2019-07-08
>> Group:        Individual Submission
>> Pages:        12
>> URL:   <>
>> Status: <>
>> Htmlized: <>
>> Htmlized: <>
>> Abstract:
>>   RFC 3552 introduces a threat model that does not include endpoint
>>   security. In the fifteen years since RFC 3552 security issues and
>>   cyber attacks have increased, especially on the endpoint. This
>>   document proposes a new approach to Internet cyber security protocol
>>   development that focuses on the user of the Internet, namely those
>>   who use the endpoint and are the most vulnerable to attacks. 
>> -- 
>> Smart mailing list
>> <>
>> <>
> _______________________________________________
> Secdispatch mailing list
> <>
> <>