Re: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement

Jay Daley <jay@ietf.org> Wed, 05 August 2020 00:46 UTC

From: Jay Daley <jay@ietf.org>
Subject: Re: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
Date: Wed, 05 Aug 2020 12:45:55 +1200
Cc: IETF Discussion List <ietf@ietf.org>
To: Randy Bush <randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/d5Vpb0N19Ebe1SN_Mkh7bGg55xI>


> On 5/08/2020, at 12:32 PM, Randy Bush <randy@psg.com> wrote:
> 
>> First, just to note that as feedback comes in, a new branch is being
>> updated to address that feedback:
> 
> in what way was i not clear about "internet draft?"  i have a nightly
> rsync directory of all drafts and have no desire for yet more browser
> tabs.
> 
>> If your friend doesn’t like email then they can always add a github
>> issue directly.
> 
> my friend already gave at the office.  ex ietf sec ad.  has negative
> desire to see anything like an ietf mailing list again.
> 
>> I agree that it would be useful to include a time commitment but we
>> are in an unusual position as a semi-professional/semi-volunteer
>> organisation and it is therefore difficult for us to make commitments
>> about what volunteers can do.
> 
> you seem able to make excuses quickly. :)
> 
> what you do not seem to understand is that the 90 day limit is what folk
> will give you.  well, the polite ones.  you can like that or not.

I’m not sure why, but you omitted my next sentence "However, combining this with your last point, it’s not unreasonable for us to commit to 90 days so I’ve added an issue to capture that".

BTW 120 days is quite common (e.g. ZDI) as is 45 days which is used by many CERTs.

> 
>> It would be useful if your friend could provide details of where these
>> don’t work in practice and suggested fixes.
> 
> have the security ADs and operational security folk helped with this?

Yes.

Jay

> 
> randy
> 

-- 
Jay Daley
IETF Executive Director
jay@ietf.org