Re: [Smart] [Secdispatch] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sun, 14 July 2019 02:07 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Sat, 13 Jul 2019 22:06:58 -0400
Message-ID: <CAHbuEH5WUv-a4nKt5YAZosO-vE773Jh3xn1+-hA=4J7RBERc3g@mail.gmail.com>
To: Dominique Lazanski <dml@lastpresslabel.com>
Cc: smart@irtf.org, IETF SecDispatch <Secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/8ouRvyetgIkN2FuBuHZQH89juGQ>

Dominique,

Thank you for your work on this draft.  It's a good start toward broadening
the conversation on the Internet threat model and I do agree that is
necessary.

The other recent threat model drafts don't cover the points raised, but
none of the three threat model drafts cover all threats. I'm not sure if
there are other threat model drafts I have missed as well.

I like the focus, but think as the draft goes on, broadening the scope to
look at the full threat model would be very helpful towards something the
IETF participants might buy into (I could be wrong here, but this is what I
suspect).  We can't look solely at the end point as the IETF is concerned
mostly with on-the-wire protocols.  In some RFCs, there are clear
requirements on end point security, but this is not particularly common.
It would be good to see the sort of changes proposed added into a revision
of 3552 in my opinion.  However, we do need to think about surveillance and
other threats too.  One of DKG's points from a panel at RSA was that boxes
that intercept traffic and are capable of decrypting that traffic are a
target-rich environment.  I agree with that point.

We are in a tough spot as crypto has become stronger, but the endpoints
have not become more secure or even capable of detecting the threats that
were blocked in-the-middle previously.  I think adding this point into your
draft would be helpful as we (as a community) rethink the threat model.

I'd be very happy to discuss this further.

Also - is this a request to present at SecDispatch?

Thank you,
Kathleen

Sorry for the top-post, but I was not responding to the thread besides
Dominique's initial message.


>>> On Jul 8, 2019, at 12:54 PM, Dominique Lazanski <dml@lastpresslabel.com>
>>> wrote:
>>>
>>> Cross posting to this mailing list.
>>>
>>> Dominique
>>>
>>> A new version of I-D, draft-lazanski-smart-users-internet-00.txt
>>> has been successfully submitted by Dominique Lazanski and posted to the
>>> IETF repository.
>>>
>>> Name:        draft-lazanski-smart-users-internet
>>> Revision:    00
>>> Title:        An Internet for Users Again
>>> Document date:    2019-07-08
>>> Group:        Individual Submission
>>> Pages:        12
>>> URL:
>>> https://www.ietf.org/internet-drafts/draft-lazanski-smart-users-internet-00.txt
>>> Status:
>>> https://datatracker.ietf.org/doc/draft-lazanski-smart-users-internet/
>>> Htmlized:
>>> https://tools.ietf.org/html/draft-lazanski-smart-users-internet-00
>>> Htmlized:
>>> https://datatracker.ietf.org/doc/html/draft-lazanski-smart-users-internet
>>>
>>>
>>> Abstract:
>>>   RFC 3552 introduces a threat model that does not include endpoint
>>>   security. In the fifteen years since RFC 3552 security issues and
>>>   cyber attacks have increased, especially on the endpoint. This
>>>   document proposes a new approach to Internet cyber security protocol
>>>   development that focuses on the user of the Internet, namely those
>>>   who use the endpoint and are the most vulnerable to attacks.


-- 

Best regards,
Kathleen