Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement

Rob Sayre <sayrer@gmail.com> Thu, 06 August 2020 20:13 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Thu, 06 Aug 2020 13:13:42 -0700
Message-ID: <CAChr6SxE=g5DAN=ffw4d3ZPxLDh6LDdxTO8zu=ZC8fQq+nbOuA@mail.gmail.com>
Subject: Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "Livingood, Jason" <Jason_Livingood@comcast.com>, "ietf@ietf.org" <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/3PjRDqst0qmFN019eOLKBYzq9Nw>

On Thu, Aug 6, 2020 at 1:05 PM Salz, Rich <rsalz@akamai.com> wrote:

> And just to make it very explicit: I don’t discount Rob’s experiences,
> they’re just different from mine.
>

With the IETF website, I'd worry about hacking the mailing lists, changing
RFC text, stuff like that. And the bugs would probably be down to unpatched
software, although there do seem to be some bespoke parts as well.

Definitely prank-level stuff, but more expensive to clean up vs paying a
bounty.

thanks,
Rob