Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 06 September 2013 16:48 UTC


Dave,

On 06.09.2013 18:58, Dave Crocker wrote:
> On 9/6/2013 8:34 AM, Stephane Bortzmeyer wrote:
>> On Fri, Sep 06, 2013 at 08:20:17AM -0700,
>> Dave Crocker <dhc@dcrocker.net> wrote
>> a message of 21 lines which said:
>>
>>> We currently do not have a concise catalog of the basic 'privacy'
>>> threats and their typical mitigations, appropriate for concern with
>>> IETF protocols.
>>
>> What about RFC 6973?
>
>
> It certainly provides useful background. As such, it's an excellent
> starting point for the topic.
>
> However it is not concise nor does it offer threat templates nor design
> templates.

The document actually contains a list of common threats that we found 
applicable in the Internet protocol standardization context.

The design template is essentially the questions listed in the 
guidelines section.

Unfortunately, as in security, the story is not so easy that you can
give a simple recommendation. As a protocol designer, you unfortunately
have to think a bit.

> It also doesn't define privacy...

It does define privacy but not in a single sentence.


Ciao
Hannes

>
> d/
>
>