IETF Logo Mail Archive

Re: Method of Contact - Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement

Paul Wouters <paul@nohats.ca> Sat, 08 August 2020 04:53 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DAE63A0CF9; Fri, 7 Aug 2020 21:53:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BaIEpg7l6z6; Fri, 7 Aug 2020 21:53:28 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B68963A0CF3; Fri, 7 Aug 2020 21:53:27 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4BNqcN5JJ2z3Bx; Sat, 8 Aug 2020 06:53:24 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1596862404; bh=1NxY3JmA5sel/P/Qz05q25nJjWh0Iqjkn4bKYY0XGoo=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=PneK16TOgDXCsX6UnqqKqS+FIdmUC/B+2WmOJmiWe4P4mcEkckSN8ATslFvKhCAl8 TQ0D5krhkXhpzRfie7SqFDHLCgmeNwd11EoONEs5eSoNJbU1DpnyI8DInvXkuTEcuq Slf1nLN1emu50uj2VJkwJ/S4jQYzYRK8YBak5PSY=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id UjqyQSURofge; Sat, 8 Aug 2020 06:53:23 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Sat, 8 Aug 2020 06:53:23 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id C1ECF6020F26; Thu, 6 Aug 2020 18:58:56 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id B98D9669F1; Thu, 6 Aug 2020 18:58:56 -0400 (EDT)
Date: Thu, 06 Aug 2020 18:58:56 -0400
From: Paul Wouters <paul@nohats.ca>
To: Jay Daley <jay@ietf.org>
cc: Christopher Morrow <morrowc.lists@gmail.com>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: Method of Contact - Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
In-Reply-To: <0BB5CABB-4CAE-459A-AA0A-8CD761AF63CA@ietf.org>
Message-ID: <alpine.LRH.2.23.451.2008061857520.615067@bofh.nohats.ca>
References: <965FAE2A-59D2-4D4B-8D95-76B84483C379@cable.comcast.com> <CAL9jLaa-oJ_Ogp0g8eGH3UOS2BqQ2dLD1Cfwjz6V3e+7kbHtsQ@mail.gmail.com> <0BB5CABB-4CAE-459A-AA0A-8CD761AF63CA@ietf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/HQGoJ1yOypMo1dUhxjoQRIUiXCg>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2020 04:53:30 -0000

On Fri, 7 Aug 2020, Jay Daley wrote:

>> Is the overall effort here really just framing what the security.txt
>> for all IETF-LLC properties/things should be?
>
> Is it your recommendation that we publish a security.txt?  If we were to then I would imagine it would do no more than point to this policy.

Please don't publish a security.txt file. See the previous discussions
on SAAG why security.txt is not useful, and actually harmful.

Paul

v2.23.0 | Report a Bug | By Email