Re: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
Randy Bush <randy@psg.com> Wed, 05 August 2020 20:22 UTC
Return-Path: <randy@psg.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C4FE3A0F3F; Wed, 5 Aug 2020 13:22:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id npMIW5VRW1tJ; Wed, 5 Aug 2020 13:22:56 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09E323A0F3D; Wed, 5 Aug 2020 13:22:55 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1k3Pw5-0007BV-VJ; Wed, 05 Aug 2020 20:22:54 +0000
Date: Wed, 05 Aug 2020 13:22:53 -0700
Message-ID: <m2tuxgn8pu.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Jay Daley <jay@ietf.org>
Cc: IETF Rinse Repeat <ietf@ietf.org>
Subject: Re: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
In-Reply-To: <DCA840AE-5620-40E7-AD24-E1CC0C7BF8C7@ietf.org>
References: <159651200228.24262.1827308624474280314@ietfa.amsl.com> <m2k0yeca1a.wl-randy@psg.com> <793241C9-C75C-407D-AD98-06E13C789154@ietf.org> <m28seuc4po.wl-randy@psg.com> <DCA840AE-5620-40E7-AD24-E1CC0C7BF8C7@ietf.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/f86WXLTGfe7dZ7PBR8_rQFaQ0PA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2020 20:22:58 -0000
i had planned to drop the thread, but mirja beat me up for being obscure. so my apologies for trying again. first, i am an amateur here. i do some opsec, have taught, but am not an expert. which is why i passed it to a friend with deeper expertise. embargo periods seem to vary. but my amateur observation is that the mode seems to be 90 days. as long as it is not ridiculous, i would prefer not to have a dog in this fight. but the issue my friend raised which concerns me more is adding more a restrictive "Limitations" section than already covered by law and custom. i am a researcher. i have dabbled in opsec research, and conducted attacks on the live global internet for that purpose, e.g. see [0]. real researchers act responsibly. attackers do not. do not deter and further complicate the lives of the researchers who are trying to help you deter the attackers. the ietf is not a special snowflake, just a noisy one. randy [0] - https://archive.psg.com/181101.imc-communities.pdf
- Re: Consultation on DRAFT Infrastructure and Serv… Randy Bush
- Re: Consultation on DRAFT Infrastructure and Serv… Jay Daley
- Re: Consultation on DRAFT Infrastructure and Serv… Randy Bush
- Re: Consultation on DRAFT Infrastructure and Serv… Randy Bush
- Re: Consultation on DRAFT Infrastructure and Serv… Jay Daley
- Re: Consultation on DRAFT Infrastructure and Serv… Stephane Bortzmeyer
- Re: Consultation on DRAFT Infrastructure and Serv… Randy Bush
- Re: Consultation on DRAFT Infrastructure and Serv… Russ Housley
- Re: Consultation on DRAFT Infrastructure and Serv… Jay Daley
- Re: Consultation on DRAFT Infrastructure and Serv… John C Klensin
- Re: Consultation on DRAFT Infrastructure and Serv… John C Klensin
- Re: Consultation on DRAFT Infrastructure and Serv… Jay Daley
- Use of I-Ds by the IETF LLC for consultations (wa… Jay Daley
- Re: Consultation on DRAFT Infrastructure and Serv… Randy Bush
- Re: Use of I-Ds by the IETF LLC for consultations… Livingood, Jason
- Re: Use of I-Ds by the IETF LLC for consultations… Russ Housley