IETF Logo Mail Archive

Re: [Add] [Ext] Updated charter proposal for ADD

Barry Leiba <barryleiba@computer.org> Wed, 15 January 2020 19:54 UTC

Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57FA8120972 for <add@ietfa.amsl.com>; Wed, 15 Jan 2020 11:54:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RU7_271cDtE7 for <add@ietfa.amsl.com>; Wed, 15 Jan 2020 11:54:35 -0800 (PST)
Received: from mail-oi1-f182.google.com (mail-oi1-f182.google.com [209.85.167.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D6C012092D for <add@ietf.org>; Wed, 15 Jan 2020 11:54:35 -0800 (PST)
Received: by mail-oi1-f182.google.com with SMTP id c16so16643653oic.3 for <add@ietf.org>; Wed, 15 Jan 2020 11:54:35 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=urTg6boDzZAJ/4+Mqqesgn6FBJ2as9q8p3JZviGc5ZY=; b=NzD5Ywc37tYkPBTgnw505M52W1BeIyav8gvFOKZTaGYLjOJHUskt1gNjuoMDnvksPR 34is/flHLSZwNqEQR+gIMi7+O++SxeDNMYblryQRNBtuHRB8/Aje5if2m6/loraRDEse queq+nJiq8rRsBQD1k/CeLnxrgQ6O6Y7TAIQ1SVbg6/mQgizLtZ8XoUU1kvNc50L3YNr sfU9LMSep5o1YF/+Lvz3iJ4k/65RgdqsiSgwI2tJH/m8R6/qpDLSelfZnFGOi9QLgTKi iDNUFLaUST7qrIrDsOwmXssH42QE1v2TeawG3FVlXwmYUZksxBbAk9JEXF1trv78WcxL QzSw==
X-Gm-Message-State: APjAAAUodnfMyVIO6tNgi6iMLnmcNZ8BpwMN9WDdIPxD32wXIJAJYISB znB7m6CxREwslgw3Nhlkw6mAWYKMnZn6tJWjXWQ=
X-Google-Smtp-Source: APXvYqxUmfWGkDnca+XDPEQNiNXm27cQqRnguR3XEnHsVefv1/8NuynVv0f2x7VRqVxKkcb0ivaX0kjb8j43TYwEKfM=
X-Received: by 2002:a05:6808:3c2:: with SMTP id o2mr1199315oie.145.1579118074257; Wed, 15 Jan 2020 11:54:34 -0800 (PST)
MIME-Version: 1.0
References: <236B0A34-8C7F-49D2-8075-5AF5AC35BDFB@apple.com> <AD6E599F-96E8-44FC-8A05-8BFD2F659129@icann.org> <66C24EE6-5C7B-4788-AE26-06B900915010@fugue.com> <24095.13730.124469.943932@gro.dd.org> <87B74D88-8991-4F16-8AF6-8435BDB60AB1@fugue.com>
In-Reply-To: <87B74D88-8991-4F16-8AF6-8435BDB60AB1@fugue.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 15 Jan 2020 14:54:22 -0500
Message-ID: <CAC4RtVB5HZUs1qpX3qWqbyshYiQCqeM1sGmvLVzQqwEEx7kAQQ@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Dave Lawrence <tale@dd.org>, ADD Mailing list <add@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/4KWTMqrVgS8aEcaSOAEATW-trh0>
Subject: Re: [Add] [Ext] Updated charter proposal for ADD
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jan 2020 19:54:36 -0000

I understand the interest in a statement such as this, but I don't
really see a need for it: We have established needs for Security
Considerations, we have Security ADs who will be checking for proper
coverage, and we're most likely to include an assigned technical
advisor from the Security Area when we establish the working group.

So, while some sort of discussion in the charter might not be harmful,
it doesn't seem necessary and seems sure to cause a lot of angst in
getting agreement on the wording.

Barry

On Wed, Jan 15, 2020 at 11:19 AM Ted Lemon <mellon@fugue.com> wrote:
>
> On Jan 15, 2020, at 10:54 AM, Dave Lawrence <tale@dd.org> wrote:
> > That's where I am on this.  I like the proposal as a whole and just
> > think this little bit on the security properties needs tweaking.  I've
> > got to run at the moment though and apologize for not having a
> > concrete proposal for the tweak.
>
> In case it’s not obvious, this is what I was proposing for a tweak:
>
> Any specification must include a clear and thorough discussion of the privacy and security implications of using the method or methods it describes.  Methods where a mechanism that cannot be cryptographically validated for integrity or which do not provide a cryptographically validatable trust establishment mechanism will clearly describe the use case(s) in which such an override is thought to be needed, should have a clear applicability statement limiting the scope of the specification to those use case(s), and should clearly describe the risks and benefits of such a choice.
>
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add

v2.23.0 | Report a Bug | By Email