On Mon, Aug 9, 2021 at 3:26 PM Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:
> On Mon, Aug 09, 2021 at 02:46:22PM -0400, Phillip Hallam-Baker wrote:
> > While I agree with what you are saying about Fastly, Cloudflare etc, I am
> > very much aware of what they are doing. But you are overlooking one very
> > important qualifier, they didn't just deploy and forget, they are
> > actively monitoring and adapting their approach to reflect changing
> > circumstances.
> >
> > If someone is going to sell any mitigation measure for any form of attack,
> > they are going to have to continuously monitor performance or they will be
> > quickly overwhelmed.
>
> Right, unmonitored security is an oxymoron.
>
> > One lesson that most of us in the security area have learned but some
> > obstinately refuse to learn is that it is the fault of implementers if the
> > user can't use a system securely and it is the fault of designers and
> > architects if zero effort security is not possible.
>
> I don't think you can literally have "zero effort", since monitoring is
> never zero effort. The closest thing we know how to do at close to
> "zero effort" is unauthenticated opportunistic security, as a defence
> against pervasive monitoring. And even there, the server operator still
> has to make some minimal effort to ensure the TLS stack is not broken.

Years ago, I started talking about 'zero trust' as something that was reachable by using cryptography to encrypt data at rest in the cloud. I don't believe that to be the best approach any more. Trusting two parties 50% is much better than trusting one party 100% and another 0%. Since some actions inherently require trust, all you can do is to limit the scope and manage it.
But even so, zero trust is a pretty useful marketing slogan that gets an idea across, and I discovered someone else used it six months before I did, so I am in the clear.
Zero effort security is the amount of security that can be delivered without a net effort from the users or the system administrators. I think I can provide quite a bit - full end-to-end encryption of data in transit and at rest.
Is that enough for every application? Of course not. The CIA/NSA etc will always have more comprehensive needs and they are going to need that feedback info. But for regular commercial applications with regular people, that is the best enterprise security we are going to get in the next decade or so.