IETF Logo Mail Archive

Re: A report on certain standards (was Re: United Nations report on Internet standards)

Wout de Natris <denatrisconsult@hotmail.nl> Fri, 20 March 2020 10:57 UTC

Return-Path: <denatrisconsult@hotmail.nl>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ED393A07F0 for <ietf@ietfa.amsl.com>; Fri, 20 Mar 2020 03:57:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kg_ZS57FoFCQ for <ietf@ietfa.amsl.com>; Fri, 20 Mar 2020 03:57:40 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-oln040092068056.outbound.protection.outlook.com [40.92.68.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC1AF3A0814 for <ietf@ietf.org>; Fri, 20 Mar 2020 03:57:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S+fG48fihqYF4F4kcvmJ+lNACKm7XGOT+acdk63tjGH3xCbnF69TGYCbWQomPOVIeGaCKIO84xMoj6YprqW+zZ3pRNxbT7STKZyXtNbdlHc0ZVV7GdTuhVQ2rxI+9t+Y/sbB3Bd9tYAJ3cVB4QXIthyI3wSWh2O0FoQIxAwYDXZZZjughXVpc4/4fvt8c4WzFsK1R2Lo4iXYw6BhmI8CEK1MEghipZ495mXAr9tvpBfxDKNYhOdDtHNmA4oZlC10TanvDWfbIz6JXofWntkAEnJmRoH/ImDt+z+PwR+P86qCf6K9HxI8lvQvNQoGQYs0/TEbSindUJ9imRLP/CFt8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=begwvFyvrkvUJcRESG+F/jTPrkP59CCpdtiA9sm4CuQ=; b=A5sfIFpqbbgj+COfnksWvGrjEsAOLuY71eqElgk8ZLsHD+NgjIQMsyHoDrcjokzdL1Y6w+ayvTt2Nk+sIRqU3A7hS4CclJhdQ2qAfpev84PKK73kzJBjAMWpFaVpv2c091hN3JpPWoQpQhZOah2X/mxkeexsGr/xSl6/DLYzrWfAjjgosacdsULAWPFVNEOg5a2kjEEmk9MhzV8s2t5STaaCNt9Eb04DldVQ+J1kxEn0mLq4iUFQ7aFaj9daw4qd4h3q2b7V9Uyscrj7alOz8SwOGMGuVxBx8QleEvNUeTfg03s7q0sgy28iEyXxxTAsGc/AZDoG5VFq8tB4k4Z+lw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Received: from AM5EUR02FT045.eop-EUR02.prod.protection.outlook.com (2a01:111:e400:7e1c::35) by AM5EUR02HT058.eop-EUR02.prod.protection.outlook.com (2a01:111:e400:7e1c::272) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.13; Fri, 20 Mar 2020 10:57:31 +0000
Received: from AM0PR05MB6564.eurprd05.prod.outlook.com (10.152.8.59) by AM5EUR02FT045.mail.protection.outlook.com (10.152.9.159) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.13 via Frontend Transport; Fri, 20 Mar 2020 10:57:31 +0000
Received: from AM0PR05MB6564.eurprd05.prod.outlook.com ([fe80::5d21:c4b3:8405:6001]) by AM0PR05MB6564.eurprd05.prod.outlook.com ([fe80::5d21:c4b3:8405:6001%5]) with mapi id 15.20.2835.017; Fri, 20 Mar 2020 10:57:31 +0000
From: Wout de Natris <denatrisconsult@hotmail.nl>
To: "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: A report on certain standards (was Re: United Nations report on Internet standards)
Thread-Topic: A report on certain standards (was Re: United Nations report on Internet standards)
Thread-Index: AQHV/qAh1vs/XqyBa0iViXh4Fd6yvQ==
Date: Fri, 20 Mar 2020 10:57:31 +0000
Message-ID: <AM0PR05MB6564247B76BE9434E87D1A90C2F50@AM0PR05MB6564.eurprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:F39D4E77DB8F303D06F70A40350276F9910BF9E7A9F2DF34E55471CE1BC7F0B1; UpperCasedChecksum:95B2B1EFA76CC98A686AC84A6B0EC1396B8A400249CFE30254C48AEBE1512F8B; SizeAsReceived:6781; Count:42
x-tmn: [cQPBFAXRkS1sjhszF+rgtMFpK4oFBmOM]
x-ms-publictraffictype: Email
x-incomingheadercount: 42
x-eopattributedmessage: 0
x-ms-office365-filtering-correlation-id: 7397de59-0e0b-4f1f-a4c8-08d7ccbd7d21
x-ms-traffictypediagnostic: AM5EUR02HT058:
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 7tDmmnedoLOCITLeBlAJrVJx53x+9q0Pf9suE8CANYwjXGQlPUNHfqWuerAdLilCZy3/l1UzqlRIyNYLDvPCB9iAjcNI5fBKtoAhJxf3ZpH3s5ng2YyJ8geri2eXOoSbvNDUnNL/pRgEZLEFQEOkvu2v6vTyNJoMOlos8WiH2J8FxLkSOoaZwvlJfrnN5bdZFguJHY8g9C2psobKLpk377jH5I8iFdHKi609BnAiaJ4=
x-ms-exchange-antispam-messagedata: jMNJl1PGL36ZevCXhTtw7N54ceihsT/hDb4yVrmEgexjBakrWeJOYMAanE0pGNwKvcxWztiigH5izAjxMN4Y9CU0WXlnmlyK8EzNKCcXlQM2e6xO56Xi6kqzG1kxQYDX5h1ziEM3cx/BjiEWQBt0Wg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR05MB6564247B76BE9434E87D1A90C2F50AM0PR05MB6564eurp_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 7397de59-0e0b-4f1f-a4c8-08d7ccbd7d21
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Mar 2020 10:57:31.6066 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5EUR02HT058
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/wvUz9NUo_n5JI9qTRgG38fKoKG0>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Mar 2020 10:57:46 -0000

Dear all,

Thank you for discussing the report in your community. As main author of the report. There are three things I would like to stress:

1) This is not a U.N. commissioned report, but a pilot within the Internet Governance Forum to test whether the IGF is able to accelerate a long lasting internet governance issue instead of debating it once a year and go home. To go beyond the "talkshop", a long held wish of representatives from the Dutch technical community. The topic of choice became deployment of internet standards: e.g. DNSSEC, RPKI and BCP38, but also the OWASP top 10, ISO 27001 and secure software;
2) The report does not focus on nor passes any judgement on IETF's or on any other standards bodies' internal procedures. It focuses on how to disseminate the outcomes better, spread knowledge in an understandable language for non-technicians and to deploy the widely agreed upon standards faster. The comments made about the IETF were made by individuals participating in IETF processes, thinking out loud about how the goal of the report could be achieved;
3) The recommendations and steps forward are aggregated opinions from the hundreds of people that took the questionnaire, participated in the break out sessions at the Berlin IGF, from interviews and desk research. From them the authors compiled what we called "pressure points".

Nearly 100% of participants, from all stakeholder communities, agreed that creating a law is not the answer to fast deployment. So we looked at alternatives and identified what we called pressure points in society where those that decide on deployment, usually senior management and higher, can be influenced and put under pressure to start deploying. We identified 25 such points, ranging from consumer product testing, to involving trade organisations, and parliamentarians asking questions in hearings, to research in media on the lack of deployment, and CISO management-handling training.

Others involve people with knowledge, i.e. your community, to assist in translating new standards into layman's speech and in dissemination to non-technical communities. To focus not only on the technicians that have to deploy physically, but on those who can influence decisions to deploy and those deciding on the financial and resource wherewithal to deploy. Many participants, including IETF active, agreed that steps outside of the technical realm are necessary for these standards -and not only the IETF ones as you could see- to be deployed in a serious way, making all internet users more secure immediately and indiscriminately. Ideally without primarily government involvement.

As authors we welcome your opinion, questions and suggestions. The plan is to take this one step further, to start getting messages out, attract missing stakeholders and work together towards solutions and agreed upon steps forward. And indeed, as someone mentioned, as one community. That is the goal. Therefore the next step must be to bring all involved on the same page, like you are for decades already within IETF.

Yours sincerely,

Wout de Natris


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
De Natris Consult

Kamerlingh Onnesstraat 43                                                        Tel: +31 648388813

2014 EK Haarlem                                                                          Skype: wout.de.natris

denatrisconsult@hotmail.nl<mailto:denatrisconsult@hotmail.nl>

http://www.denatrisconsult.nl

Blog http://woutdenatris.wordpress.com

v2.23.0 | Report a Bug | By Email