Re: Security for various IETF services

Dick Franks <rwfranks@acm.org> Sun, 06 April 2014 19:28 UTC

On 5 April 2014 14:40, <l.wood@surrey.ac.uk> wrote:

> "I didn't see anything that stood out. Are you referring to his why
> question?  Really?  It seems others answered why."
>
> they did not.
>
> Other noises off-stage are irrelevant

The author(s) of the proposal MUST provide the threat model for each
service and a reasoned argument why the proposed action mitigates the
identified threat or threats.

Engineering best practice demands no less.

Transparent decision process demands no less.

Ignoring Lloyd Wood's question is not an option.


Dick Franks