[dispatch] Proposal for scantxt; scanning opt-in/out, identification, verification, notification, and reporting

Ollie IETF <ietf@olliejc.uk> Sat, 03 December 2022 15:23 UTC

Date: Sat, 03 Dec 2022 15:23:40 +0000
To: dispatch <dispatch@ietf.org>
From: Ollie IETF <ietf@olliejc.uk>
Message-ID: <Pz04VxP2fVxjR8KuzgdQMGsk7cFWlEmb9yHyM6_DVhtPs--WQVWJ1ZlFbhzNWWtXd5M_ipGJw1LmBAE4ulr8vCd7nKcL-t8tBaBtPGyWZzY=@olliejc.uk>
In-Reply-To: <DpQ5uHELA0lH7BVEVwYLzRqEKkYJcW5Rgf9heoiLMD-qvhF-0x1xTsKQXCLf0M1umhYJqX8b-rvHlOt-cfnMPIUzcBFv1oFnnNEWbFy5GT8=@olliejc.uk>
References: <DpQ5uHELA0lH7BVEVwYLzRqEKkYJcW5Rgf9heoiLMD-qvhF-0x1xTsKQXCLf0M1umhYJqX8b-rvHlOt-cfnMPIUzcBFv1oFnnNEWbFy5GT8=@olliejc.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/L4Mu6uTixwHzGDhNEHM-ILGC8uQ>
Subject: [dispatch] Proposal for scantxt; scanning opt-in/out, identification, verification, notification, and reporting

Hi all,

I'm still figuring out the IETF processes (e.g. I first emailed secdispatch and was directed here!), so I'm hoping for guidance, support and insight on how to progress this project. I think either a WG or BOF is a good next step, but I'm looking to understand what's involved and what makes a well-received group.

The scantxt project (https://www.scantxt.org / https://github.com/scantxt) I'm pulling together aims to develop a set of mechanisms for both scan recipients (website/infrastructure operators) to indicate their preferences and verify scans, and scanning tools to identify themselves and report findings in a consistent way.

There are a number of streams here (opt-in/out, identification, verification, notification, and reporting) and so my thinking is they would probably be developed separately but coordinated, so a WG makes sense to me?

I've got quite a bit of notes/draft/examples up on the repo and site, but I'm of course happy to delve into any of the detail here.

Thanks,
Ollie