Re: Method of Contact - Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement

"Livingood, Jason" <Jason_Livingood@comcast.com> Thu, 06 August 2020 15:00 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: "ietf@ietf.org" <ietf@ietf.org>, Jay Daley <jay@ietf.org>
Subject: Re: Method of Contact - Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
Date: Thu, 06 Aug 2020 14:59:43 +0000
Message-ID: <965FAE2A-59D2-4D4B-8D95-76B84483C379@cable.comcast.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/jDho047PBKtUSN7JhLRY_sZ_Zws>
List-Id: IETF-Discussion <ietf.ietf.org>

I would love to see comment on these 2 key questions:

(1) >   * The proposed mechanism for reporting a vulnerability.

When I originally thought about this I was concerned at the default to use email, acknowledging that this is something with which most IETF participants are quite comfortable. I wondered if it might be better to specify that a web interface was the reporting method, which would automatically generate a report ID number on submission that a bug reporter could use for their reference later on. In contrast, an email may not arrive or may be delayed and automatically generating an acknowledgement response with a ticket/tracking number would rely on an additional system that may have communications issues with the email system.

It seems like a web-based reporting system may also provide a better level of security protection by encrypting the channel & contents of the communication vs. less secure email.

(2) >  * What the email address should be for reports to be sent to.

@Jay - Can you list the options being considered here to help aid the discussion?

Thanks
Jason