Re: Security for various IETF services
Dick Franks <rwfranks@acm.org> Sun, 06 April 2014 19:28 UTC
Return-Path: <rwfranks@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B86731A0283 for <ietf@ietfa.amsl.com>; Sun, 6 Apr 2014 12:28:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6GCq9HRD0M6J for <ietf@ietfa.amsl.com>; Sun, 6 Apr 2014 12:28:39 -0700 (PDT)
Received: from mail-yh0-x230.google.com (mail-yh0-x230.google.com [IPv6:2607:f8b0:4002:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id 2C02A1A026E for <ietf@ietf.org>; Sun, 6 Apr 2014 12:28:39 -0700 (PDT)
Received: by mail-yh0-f48.google.com with SMTP id z6so5023113yhz.7 for <ietf@ietf.org>; Sun, 06 Apr 2014 12:28:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=XFExA2q8Px6NjDhx6WFk6DB3cxcOAJPpu+QSQ1WMOxo=; b=oCqjJ1c/YGoNUuEjQFNBq7dAk/FQGVBjOzz61yKX7JsfXt0uIGAnBgZdEIbKsLNEYB K2xTC0cNGFDoJBIXpwp3E8PkSL5Rdd39EvCXKZJIPCHBMrr8/b4xgyt9LD7eyvgfWOCK E6sl7sSyD/lmtegaucBtkzu8z0ihWAv6YuKsnO9XszJqchoeYxhP9mxrkfEMUiupnYLV mOrQBrwPfBMCKB1081x9a3xBWKfSojru5Z9RU3D+FPIOopBIUAsS72jFcOO/dpAhJBat bksSNeq5BGvhZuaC0ZxB9oIfEbXg+aT5bMyPVIfXr82VyJczMbaz4G/y4P1Lh5nMvP08 6SDw==
X-Received: by 10.236.2.37 with SMTP id 25mr3924969yhe.123.1396812513675; Sun, 06 Apr 2014 12:28:33 -0700 (PDT)
MIME-Version: 1.0
Sender: rwfranks@gmail.com
Received: by 10.170.129.143 with HTTP; Sun, 6 Apr 2014 12:27:52 -0700 (PDT)
In-Reply-To: <290E20B455C66743BE178C5C84F1240847E779EEBF@EXMB01CMS.surrey.ac.uk>
References: <533D8A90.60309@cs.tcd.ie> <533EEF35.7070901@isdg.net> <CAKW6Ri5_Ty6rVsMTBKXEjC6r7Mg-o8pZoLQP+yJ4pBwqOF-nYw@mail.gmail.com> <533F0C7B.9090705@isdg.net> <CAKW6Ri699AuEOf-qf-iZ7vNdD7iEdF4uEnwX-HGB31EshJ_OXQ@mail.gmail.com> <53400355.7030807@isdg.net> <290E20B455C66743BE178C5C84F1240847E779EEBF@EXMB01CMS.surrey.ac.uk>
From: Dick Franks <rwfranks@acm.org>
Date: Sun, 06 Apr 2014 20:27:52 +0100
X-Google-Sender-Auth: xI7MLIQBlzfh708P9bfWXQwHLTY
Message-ID: <CAKW6Ri6jD4=pMdE_nsSnqyg6sKDT29_69_9jf=vfT2z6au7hNQ@mail.gmail.com>
Subject: Re: Security for various IETF services
To: l.wood@surrey.ac.uk
Content-Type: multipart/alternative; boundary="089e0112c5e6b2119c04f664c117"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/AM9RStYjtwWQmyweGiQqv-MxJp4
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Apr 2014 19:28:44 -0000
On 5 April 2014 14:40, <l.wood@surrey.ac.uk> wrote: > "I didn't see anything that stood out. Are you referring to his why > question? Really? It seems others answered why." > > they did not. > > Other noises off-stage are rrelevant The author(s) of the proposal MUST provide the threat model for each service and a reasoned argument why the proposed action mitigates the identified threat or threats. Engineering best practice demands no less. Transparent decision process demands no less. Ignoring Lloyd Wood's question is not an option. Dick Franks
- Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Fred Baker (fred)
- RE: Security for various IETF services ned+ietf
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Pranesh Prakash
- Re: Security for various IETF services Fred Baker (fred)
- Re: Security for various IETF services Douglas Otis
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Fred Baker (fred)
- Re: Security for various IETF services Brian E Carpenter
- Re: Security for various IETF services Randy Bush
- Re: Security for various IETF services Scott Brim
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services ned+ietf
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Randy Bush
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Martin Rex
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services t.p.
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Hector Santos
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Hector Santos
- Re: Security for various IETF services Dick Franks
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Pranesh Prakash
- Re: Security for various IETF services Martin Thomson
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Stewart Bryant (stbryant)
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Hector Santos
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services ned+ietf
- Re: Security for various IETF services Tim Bray
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services David Morris
- RE: Security for various IETF services Christian Huitema
- RE: Security for various IETF services l.wood
- Re[2]: Security for various IETF services mohammed serrhini
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Randy Bush
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services S Moonesamy
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Brian Trammell
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services John C Klensin
- Re: Security for various IETF services Spencer Dawkins
- Re: Security for various IETF services Stewart Bryant
- Re: Security for various IETF services Ted Lemon
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services Matthew Kaufman (SKYPE)
- RE: Security for various IETF services Eric Gray
- Re: Security for various IETF services t.p.
- Re: Security for various IETF services Scott Brim
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Dick Franks
- Re: Security for various IETF services Phillip Hallam-Baker
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Yoav Nir
- Re: Security for various IETF services Stephen Farrell
- RE: Security for various IETF services l.wood
- RE: Security for various IETF services l.wood
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Yoav Nir
- Re: Security for various IETF services Noel Chiappa
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Tim Bray
- Re: Security for various IETF services Steve Crocker
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Randall Gellens
- Re: Security for various IETF services Dave Crocker
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Stephen Farrell
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Ted Lemon
- Re: Security for various IETF services Phillip Hallam-Baker
- Re: Security for various IETF services Phillip Hallam-Baker
- Web of trust at Internet Scale Sam Hartman
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Dave Cridland
- Re: Security for various IETF services Mark Andrews
- Re: Security for various IETF services Theodore Ts'o
- Re: Security for various IETF services Jelte Jansen
- Re: Security for various IETF services Stephen Kent