[SEA-exec] FW: NCSC Protocol Design Principles

Weiss, Howard Howard.Weiss at parsons.com
Wed Dec 2 14:20:19 UTC 2020


For Your Information especially since the SecWG has been interested in developing a secure software document.

Regards

howie

----------

HOWARD WEISS, CISSP
7110 Samuel Morse Dr, Suite 200
Columbia, MD 21046
howard.weiss at parsons.com
443-430-8089 (office) / 443-494-9087 (mobile)

[cid:image001.png at 01D6C88C.58EE7ED0]

From: saag <saag-bounces at ietf.org> On Behalf Of Andrew S2
Sent: Wednesday, December 2, 2020 8:46 AM
To: saag at ietf.org; model-t at iab.org
Subject: [EXTERNAL] Re: [saag] NCSC Protocol Design Principles

Apologies for the broken links, the links below should work correctly.

Andrew

From: Andrew S2
Sent: 02 December 2020 13:42
To: saag at ietf.org<mailto:saag at ietf.org>; model-t at iab.org<mailto:model-t at iab.org>
Subject: NCSC Protocol Design Principles


Hi all,



NCSC published its Protocol Design Principles white paper this week: https://www.ncsc.gov.uk/whitepaper/protocol-design-principles [ncsc.gov.uk]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ncsc.gov.uk_whitepaper_protocol-2Ddesign-2Dprinciples&d=DwMFAg&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=dT3K0y3n0RD9-56k-UVMPMP98PIQRd2Kzfa-AwqQOww&m=qnUiG-5l-0mOHJb9TgOay850sJlaQOTHdxPjpyJaOnM&s=Q0EJdegklqY_sE9Gu8GX-_MHx9Ymg8m93bVMQaAFGzc&e=>. These principles have been written with the primary aim of helping protocol designers consider a range of issues relevant to security, but also to aid deployers and implementers in assessing protocols. The principles put user needs at the heart of the design process.



The paper outlines some of the major changes that have taken place with the internet over recent years, and outlines motivating goals for user security. In the context of these changes, and security goals, the paper defines three main principles:

1.                      Prioritise the use case

2.                      Keep it simple

3.                      Think about the bigger picture

Each of these includes detailed sub-principles that aim to help designers meet the motivating security goals in today's technology landscape.



Our goal of seeing protocols designed securely for the internet naturally has parallels with the IETF's work and, in particular, this white paper could be of interest to the IAB's model-t programme. The key first step in designing a protocol securely is, as we cover in the paper, to define the threat model it operates in.



We believe this paper will be of particular interest to those involved in model-t as well as the security area more widely.



We hope you find these principles useful, and we welcome any feedback, either by email to pdpfeedback at ncsc.gov.uk<mailto:pdpfeedback at ncsc.gov.uk> or via our GitHub page at https://github.com/ukncsc/protocol-design-principles [github.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ukncsc_protocol-2Ddesign-2Dprinciples&d=DwMFAg&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=dT3K0y3n0RD9-56k-UVMPMP98PIQRd2Kzfa-AwqQOww&m=qnUiG-5l-0mOHJb9TgOay850sJlaQOTHdxPjpyJaOnM&s=hjdvtTcPYS_zgwzvDKfQAkHbE6fXjfuOIm1hEKri8Dc&e=>.



Many thanks,

Andrew











This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg at ncsc.gov.uk<mailto:ncscinfoleg at ncsc.gov.uk>. All material is UK Crown Copyright (c)

NOTICE: This email message and all attachments transmitted with it may contain privileged and confidential information, and information that is protected by, and proprietary to, Parsons Corporation, and is intended solely for the use of the addressee for the specific purpose set forth in this communication. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited, and you should delete this message and all copies and backups thereof. The recipient may not further distribute or use any of the information contained herein without the express written authorization of the sender. If you have received this message in error, or if you have any questions regarding the use of the proprietary information contained therein, please contact the sender of this message immediately, and the sender will provide you with further instructions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/sea-exec/attachments/20201202/3eb93fca/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 9996 bytes
Desc: image001.png
URL: <http://mailman.ccsds.org/pipermail/sea-exec/attachments/20201202/3eb93fca/attachment-0001.png>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://mailman.ccsds.org/pipermail/sea-exec/attachments/20201202/3eb93fca/attachment-0001.txt>


More information about the SEA-EXEC mailing list