Re: [Smart] [Secdispatch] New Version Notification for draft-lazanski-smart-users-internet-00.txt
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 12 July 2019 01:22 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 11 Jul 2019 21:22:47 -0400
Message-ID: <CAMm+Lwh3KW6ZBbMktwmLcKyY8=_ysLYJF_7MsAuiOat6baQ=Kg@mail.gmail.com>
To: Bret Jordan <jordan.ietf@gmail.com>
Cc: Dominique Lazanski <dml@lastpresslabel.com>, smart@irtf.org, IETF SecDispatch <Secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/YHlotouzIoNVRRINBHE6HaTWjy0>
It is an interesting read. But I see a very important distinction that needs to be made between compromise of user end points and compromise of server end points.

Most breaches that occur are when an enterprise is penetrated and the firewall is the first and last line of defense. So Percy the Pinhead clicks on a link in an email and six hours later the attacker has root privilege on the corporate server. This is not Percy's fault; the fault is that a single mistake by a single employee results in compromise of data Percy was never authorized to access.

So right now we have systems where one compromise at any one of 10,000 endpoints results in a breach.

Now let's consider using some 1980s style end to end cryptography, so that the ultra important recipe data is only available to the dozen members of the group. This improves matters because we have reduced the points of compromise from 10,000 cooks and service staff to 12 trusted employees.

That is a start, but we are still vulnerable to a single end point compromise, so let's apply threshold cryptography so members of group W only have one half of the decryption key, the other is on the server, and both halves of the key are needed to perform decryption. In this scenario, we now require two separate compromises of two different end points.

On Wed, Jul 10, 2019 at 11:29 AM Bret Jordan <jordan.ietf@gmail.com> wrote:

> Dominique,
>
> I have read over your draft, and I think it highlights some very key things we all need to look at and address. Thanks for putting these ideas down on paper. Hopefully this I-D can help us all start a broader discussion to improve things.
>
> SMART / SecDispatch,
>
> If you have not yet read this I-D, I would encourage you to look at it. It is a very fast read.
>
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
>
> > On Jul 8, 2019, at 12:54 PM, Dominique Lazanski <dml@lastpresslabel.com> wrote:
> >
> > Cross posting to this mailing list.
> >
> > Dominique
> >
> > A new version of I-D, draft-lazanski-smart-users-internet-00.txt
> > has been successfully submitted by Dominique Lazanski and posted to the
> > IETF repository.
> >
> > Name: draft-lazanski-smart-users-internet
> > Revision: 00
> > Title: An Internet for Users Again
> > Document date: 2019-07-08
> > Group: Individual Submission
> > Pages: 12
> > URL: https://www.ietf.org/internet-drafts/draft-lazanski-smart-users-internet-00.txt
> > Status: https://datatracker.ietf.org/doc/draft-lazanski-smart-users-internet/
> > Htmlized: https://tools.ietf.org/html/draft-lazanski-smart-users-internet-00
> > Htmlized: https://datatracker.ietf.org/doc/html/draft-lazanski-smart-users-internet
> >
> > Abstract:
> > RFC 3552 introduces a threat model that does not include endpoint
> > security. In the fifteen years since RFC 3552 security issues and
> > cyber attacks have increased, especially on the endpoint. This
> > document proposes a new approach to Internet cyber security protocol
> > development that focuses on the user of the Internet, namely those
> > who use the endpoint and are the most vulnerable to attacks.
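The split-key arrangement Phillip describes, as an added example that is not part of this thread: a two-party threshold ElGamal in Python in which the user's share and the server's share each perform one partial exponentiation, so the full decryption key never exists on either endpoint and a single compromised share yields only a still-blinded value. The 127-bit group, the share names and the sample message are constructed for illustration.

```python
import secrets

# Toy group parameters, an assumption for illustration only: Z_p^* for the Mersenne
# prime p = 2^127 - 1. A real deployment would use a prime-order group (an RFC 3526
# MODP group or an elliptic curve) and a hybrid KEM + AEAD construction.
P = (1 << 127) - 1
G = 3
Q = P - 1  # exponents are taken mod p-1 in this toy multiplicative group

def keygen():
    """Each party draws its own share. The full key x = x_user + x_server is never
    computed; the public key y = g^x is assembled from g^x_user * g^x_server."""
    x_user = secrets.randbelow(Q - 1) + 1
    x_server = secrets.randbelow(Q - 1) + 1
    y = (pow(G, x_user, P) * pow(G, x_server, P)) % P
    return x_user, x_server, y

def encrypt(y, m):
    """Standard ElGamal: the sender only needs the group public key y."""
    if not 0 < m < P:
        raise ValueError("message must be encoded as a group element below p")
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(y, r, P)) % P

def server_partial(x_server, c1):
    """The server raises c1 to its share. It never sees the plaintext and
    learns nothing about the user's share."""
    return pow(c1, x_server, P)

def user_finish(x_user, c1, c2, partial):
    """The user multiplies in its own c1^x_user, giving c1^x = y^r, then strips it."""
    blind = (partial * pow(c1, x_user, P)) % P
    return (c2 * pow(blind, -1, P)) % P

def single_share_attempt(x_share, c1, c2):
    """What one compromised endpoint can do with its share alone: the result is
    still blinded by the other party's factor g^(r * x_other), not the plaintext."""
    return (c2 * pow(pow(c1, x_share, P), -1, P)) % P

def demo():
    """Round-trip a constructed sample message through the two-party decryption."""
    recipe = b"secret recipe"  # constructed sample, 13 bytes, fits below p
    m = int.from_bytes(recipe, "big")
    x_user, x_server, y = keygen()
    c1, c2 = encrypt(y, m)
    out = user_finish(x_user, c1, c2, server_partial(x_server, c1))
    return out.to_bytes((out.bit_length() + 7) // 8, "big")
```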