Skip to main content

Challenges and Changes in the Internet Threat Model

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Jari Arkko , Stephen Farrell
Last updated 2021-01-14 (Latest revision 2020-07-13)
Replaces draft-farrell-etm
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Communications security has been at the center of many security improvements in the Internet. The goal has been to ensure that communications are protected against outside observers and attackers. This memo suggests that the existing RFC 3552 threat model, while important and still valid, is no longer alone sufficient to cater for the pressing security and privacy issues seen on the Internet today. For instance, it is often also necessary to protect against endpoints that are compromised, malicious, or whose interests simply do not align with the interests of users. While such protection is difficult, there are some measures that can be taken and we argue that investigation of these issues is warranted. It is particularly important to ensure that as we continue to develop Internet technology, non-communications security related threats, and privacy issues, are properly understood.


Jari Arkko
Stephen Farrell

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)