IETF Logo Mail Archive

Re: Escalation: time commitment to fix *production* security bugs for BLS RFC v4?

"Salz, Rich" <rsalz@akamai.com> Mon, 26 April 2021 15:24 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EA0A3A21EA for <ietf@ietfa.amsl.com>; Mon, 26 Apr 2021 08:24:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14dQBcfxKIov for <ietf@ietfa.amsl.com>; Mon, 26 Apr 2021 08:24:24 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52B363A250B for <ietf@ietf.org>; Mon, 26 Apr 2021 08:24:24 -0700 (PDT)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.43/8.16.0.43) with SMTP id 13QFHm3H000535; Mon, 26 Apr 2021 16:24:22 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=Eoi8E1yyovheRfPETV5qKb5sxaeZRO72/ULeT7fnp0c=; b=Qxtm5qXbKHBlI2D3NMICKoRQr2CO4PF1wg19UVLarV8mex9aSsIoKTI04x5x8DRk17yF PzFjvXf04ublKEAz+bKJNHCJbRs6TFV8foDf6Twm+fBTd/31RyewpbT4o9LPwgRDk9x7 5fMMULf2Y71tGFQGj5561vkuJaPwo+frfcY6Y3/pWT24JvKc2i3HVt6icDFraEXJZXre /yeJavBrc4h4z/iYQnkonHPoE+Qv+xSQEPvkVX2TX64HpxkYQ1BIh7Q7GOyBfGRHxJKV Z4/tpmh4ASStXGuqr1ibU8ITKEzyt4bZxlASqqQUv0rsDRUZSdswJOtGhYbYrYWZZxlM fQ==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 385htpwtrv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 26 Apr 2021 16:24:22 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 13QFK6uJ009238; Mon, 26 Apr 2021 11:24:21 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.34]) by prod-mail-ppoint1.akamai.com with ESMTP id 384enyn7qy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 26 Apr 2021 11:24:21 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 26 Apr 2021 11:24:20 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1497.015; Mon, 26 Apr 2021 11:24:20 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Quan Thoi Minh Nguyen <msuntmquan@gmail.com>
CC: "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: Escalation: time commitment to fix *production* security bugs for BLS RFC v4?
Thread-Topic: Escalation: time commitment to fix *production* security bugs for BLS RFC v4?
Thread-Index: AQHXOp7CED1hBYcbt0qgYZzZVN06lKrG27UAgABLwID//79NgIAARksA//++JwA=
Date: Mon, 26 Apr 2021 15:24:19 +0000
Message-ID: <DA7E8D75-2643-431A-A043-0C0317F5A824@akamai.com>
References: <CAAEB6g=tU=MF1_QKduEN55ft0rWe+7x0wBbywS083fJrjzP=XA@mail.gmail.com> <CAAEB6gn+QWuCX4BxCJuofz6JF6amaPtWiDtg7ZAmRT9FwaX8vA@mail.gmail.com> <C2025926-ECD9-4846-BE36-9B243000DF5F@akamai.com> <CAAEB6gm710=5KrNEpVPWRKpMWFupcYFuCBiHP80=BwOormiABg@mail.gmail.com> <30B2523F-F116-454A-BE64-349A260F54D7@akamai.com> <CAAEB6gm2815anAJyugVkah5dFBQxEawHiGtodk2q=O4g8Q+kOA@mail.gmail.com>
In-Reply-To: <CAAEB6gm2815anAJyugVkah5dFBQxEawHiGtodk2q=O4g8Q+kOA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.48.21041102
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.164.43]
Content-Type: multipart/alternative; boundary="_000_DA7E8D752643431AA0430C0317F5A824akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-04-26_07:2021-04-26, 2021-04-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 phishscore=0 mlxlogscore=649 suspectscore=0 malwarescore=0 spamscore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104060000 definitions=main-2104260120
X-Proofpoint-GUID: MiAtuNi5ME1FzxvYPwMfn0uhPJF1V-MQ
X-Proofpoint-ORIG-GUID: MiAtuNi5ME1FzxvYPwMfn0uhPJF1V-MQ
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-04-26_07:2021-04-26, 2021-04-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 malwarescore=0 mlxlogscore=573 priorityscore=1501 adultscore=0 spamscore=0 impostorscore=0 clxscore=1015 suspectscore=0 lowpriorityscore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104060000 definitions=main-2104260120
X-Agari-Authentication-Results: mx.akamai.com; spf=${SPFResult} (sender IP is 184.51.33.18) smtp.mailfrom=rsalz@akamai.com smtp.helo=prod-mail-ppoint1
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/ajBt2MNMMP0LRcAQY22txTvoPT8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Apr 2021 15:24:29 -0000

  *   It doesn't matter to you, but it does matter to other people like me.

You have been told several times, by several people, that a draft is not a standard.  No matter what vendors do, no matter what emails say about it. Even if the subject of the document says “A Standard BLS Mechanism,” until it is an RFC it is not a standard.

People within the IETF often use the word standard in a number of ways.  That doesn’t mean the document IS a standard.

I unmderstand this is frustrating to you, but just because some vendors implemented a draft, and you found a bug, that doesn’t mean the draft authors have to push out an update immediately. There is a reason, after all, why the document is called a *draft*

v2.23.0 | Report a Bug | By Email