Re: [Smart] CLESS Reset - Open Call Thursday 14th of May at 6pm CET / 9am PST
Mallory Knodel <mknodel@cdt.org> Wed, 01 July 2020 15:54 UTC
Return-Path: <mknodel@cdt.org>
X-Original-To: smart@ietfa.amsl.com
Delivered-To: smart@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 713373A0F58 for <smart@ietfa.amsl.com>; Wed, 1 Jul 2020 08:54:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3Ob6Hmr13XD for <smart@ietfa.amsl.com>; Wed, 1 Jul 2020 08:54:27 -0700 (PDT)
Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEDA93A1101 for <smart@irtf.org>; Wed, 1 Jul 2020 08:54:23 -0700 (PDT)
Received: by mail-qk1-x729.google.com with SMTP id j80so22648144qke.0 for <smart@irtf.org>; Wed, 01 Jul 2020 08:54:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=KZ3OnP6VtH/2xC5nAhYDnJJLJDxEaqCQL9kUMViq3RA=; b=L84Sgyht4/6ablHBolgDE1AgKknd6YsnN+Q7HfJ/Fa1H0cvG9VMRplBUfnFgaGUV/h +N7jA/8x6F2stdcRoqNpPzUjxoO/+mf52CcU+95IJe/1NWi4jR7wssrN7wfoUZlrn4Dk +C2n01y9SVTZMnCnj9uJCqmtuib0ijpewwtoY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=KZ3OnP6VtH/2xC5nAhYDnJJLJDxEaqCQL9kUMViq3RA=; b=JFNjPimL7vvAe+NY0Zg39cv9h5cU/dLBJhblC9U/owR2SioM4SNMF1donfLjdYyI35 q12UkOH0LU2W+1E4Xaluknlz5MQVTsCX/utttQoAS0WL0eOJMHE5heSTtK7P8FL4cJrO 3XRTBoyTKLiapoExU75M4fDsHi5fz13r0WDmaQsx0EGVbdDYDq/hO/ukVDbkVSc9sGQo Rb1etVl6COPqROJk/9s8GB1AJccIYkzOBX4o0Uq4LWqUMcCkeAU8fV8gMFG43Jqx9AfY YZ1F5toFUBMoEp/PMSurJd151NUpkGFp+jGCXLoqMpdtDC3XbiV9q870ZxKNydkYLw9e WsAQ==
X-Gm-Message-State: AOAM532Pn90foQMno5xWxH8qAsiDLRrG1dcremSunZe/5EWIeZnWaPFG MXYl2RmtgUxtgTlkbCbhCzYvQw==
X-Google-Smtp-Source: ABdhPJweP9YuNigUM67YYSEmTFHxunrzZ0nHKOdP3lqh0Ra4NSlK/BSUTcXhdUp9ZqaHeupHOKSWMw==
X-Received: by 2002:a37:6191:: with SMTP id v139mr25766181qkb.213.1593618862371; Wed, 01 Jul 2020 08:54:22 -0700 (PDT)
Received: from Mallorys-MacBook-Air.local (c-73-163-188-207.hsd1.dc.comcast.net. [73.163.188.207]) by smtp.gmail.com with ESMTPSA id f4sm6048992qtv.59.2020.07.01.08.54.21 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 01 Jul 2020 08:54:21 -0700 (PDT)
To: "Arnaud.Taddei.IETF" <Arnaud.Taddei.IETF@protonmail.com>, "smart@irtf.org" <smart@irtf.org>, ietf-privacy@ietf.org, Joey S <joeysalazar@article19.org>
References: <FJ2kH-U9Cd4JRTaEGFRVSWxw5InaWeno_5F9WDFwfkxy0GZQGfbT0yr6u8cIC23WK5dRf0Lcj1737qnfKiyQeR9Cz23LjwclhPK75M7MD4s=@protonmail.com>
From: Mallory Knodel <mknodel@cdt.org>
Message-ID: <ba5d318c-66b9-4538-235c-18d5e3bc7f4a@cdt.org>
Date: Wed, 01 Jul 2020 11:54:20 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.0
MIME-Version: 1.0
In-Reply-To: <FJ2kH-U9Cd4JRTaEGFRVSWxw5InaWeno_5F9WDFwfkxy0GZQGfbT0yr6u8cIC23WK5dRf0Lcj1737qnfKiyQeR9Cz23LjwclhPK75M7MD4s=@protonmail.com>
Content-Type: multipart/alternative; boundary="------------908B56A9351D6D3FFB81AC83"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/RLWYvByaQlgrMsgva_JjRxUc04U>
Subject: Re: [Smart] CLESS Reset - Open Call Thursday 14th of May at 6pm CET / 9am PST
X-BeenThere: smart@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Stopping Malware And Researching Threats <smart.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/smart>, <mailto:smart-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smart/>
List-Post: <mailto:smart@irtf.org>
List-Help: <mailto:smart-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/smart>, <mailto:smart-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2020 15:54:30 -0000
Hi Arnaud, I reviewed this draft and have some feedback. Document that I reviewed: https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction <https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/> My review could be taken as a privacy review and I used the HRPC guidelines document as well. So, on to the review. The “perfect endpoint security solution” described on page 14 does contain some privacy/surveillance issues. Below are the relevant system features with my comments: 1.1 “monitor any behavior on the endpoint, including inbound and outbound network traffic, learn and identify normal behavior and detect and block malicious actions, even if the attack is misusing legitimate clean system tools or hiding with a rootkit,” doesn't acknowledge that there maybe conditions under which such monitoring becomes invasive for users. 1.2 “allow the endpoint to communicate with the other endpoints in the local network and globally, to learn from ’the crowd’ and dynamically update rules based on its findings,” might define some bar for the type of data collected and shared locally as well as limits on what would be done with that data. 1.3 “offers a reliable logging that can’t be tampered with, even in the event of system compromise,” doesn't define tampering, which in my view is too narrow anyway unless we can consider unauthorized copying and use to be tampering. Logging minimums and maximums are really important for user privacy, even if that isn't PII data. 2.1 When discussing the limits of endpoint security systems, it states “The other hidden dimension here is the economical aspect. Many manufacturer are reluctant to invest in IoT device security, because it can significantly increases [sic] the cost of their solution and there is the perception that they will lose market shares, as customers are not prepared to pay the extra cost for added security”. This is certainly a valid concern; however, it demonstrates the lack of responsibility held by companies who develop such products. I would actually place this exact wording into a paragraph about the limitations of non-endpoint-only security models insofar as they creates an easy out for profit seeking companies to avoid end-point-security. And on the other hand there is strong evidence that data privacy is a desired feature, as well as a minimum standard. 2.2 “A recent survey found that fewer than 10% of consumer IoT companies follow vulnerability disclosure guidelines at all, which is regarded as a basic first step in patching vulnerabilities (see [IOTPATCHING]). This indicates that many IoT devices do not have a defined update process or may not even create patches for most of the vulnerabilities,” which in turn indicates that this is a problem irregardless of endpoint-only or other security model, does it not? (In fact I think there's a huge amount of work that's needed to untangle limitations with endpoint-only only or any security model limitation, in general, which of course there are several! 2.3 In general I think this boils down to inconveniences and costs of the endpoint-only security model to companies, which isn't really the same as a limitation of the technology itself against what it aims to do. I would simply recommend removing these considerations completely. 3. The “perfect solution” portion of this proposal introduces a number of potential human rights issues, that RFC 8280 (also draft-irtf-hrpc-guidelines) were helpful in seeking out: 3.1 Censorship resistance: The draft discusses network filtering techniques to prevent malware, spam, etc to fully legitimate end, however it's important to treat and acknowledge the risk of over-blocking allowable user communications. 3.2 Pseudonymity: Related to data privacy shared previously, how must alternatives to endpoint-only security models compensate for the anonymisation of data provided by endpoint security? 3.3 Confidentiality: There is a clear trade off for the confidentiality between two endpoints for the purposes of local network security. Comments to this end have been pointed out and shared above, but, again, I see no serious treatment of attempting to make up for this fact. 4.1 Suggest changes to whitelist/blacklist along the lines of https://tools.ietf.org/html/draft-knodel-terminology 5. My strongest plea is if this draft is intended for the IRTF, that some reference to actual research on what is being, or can be, done in practice to secure networks despite the prevalence of endpoint-only security. For example if a company determines significant need it could fingerprint TLS, such as https://blogs.cisco.com/security/tls-fingerprinting-in-the-real-world. I'm interested in seeing research in SMART that accepts the state of the art as a given and advances forward-looking solutions. This draft feels like it's trying to roll back the tide. I suggest both a privacy and a human rights considerations section if this draft moves forward. -Mallory On 5/5/20 8:22 AM, Arnaud.Taddei.IETF wrote: > Dear all, after a too long pause I restarted to work on "CLESS" > https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/ > <https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/> > > Given a number of contextual changes I would like to check with the > community on the direction to take with this work and would like to > get feedback. > > Call details: > Time: Thursday 14th of May at 6pm CET / 9am PST > Duration: 1h > Method: WebEx meeting 927523370 > https://broadcom.webex.com/meet/arnaud.taddei > <https://broadcom.webex.com/meet/arnaud.taddei> > > If you want to send me an email at arnaud.taddei@broadcom.com > <mailto:arnaud.taddei@broadcom.com> I can send you a calendar invite > > Thank you in advance and stay safe > > > Sent with ProtonMail <https://protonmail.com> Secure Email. > > -- Mallory Knodel CTO, Center for Democracy and Technology gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
- [Smart] CLESS Reset - Open Call Thursday 14th of … Arnaud.Taddei.IETF
- Re: [Smart] CLESS Reset - Open Call Thursday 14th… Mallory Knodel