RE: Security for various IETF services

<l.wood@surrey.ac.uk> Wed, 09 April 2014 02:12 UTC

Return-Path: <l.wood@surrey.ac.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62AE11A0055 for <ietf@ietfa.amsl.com>; Tue, 8 Apr 2014 19:12:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bb2u5ZQftCRs for <ietf@ietfa.amsl.com>; Tue, 8 Apr 2014 19:12:43 -0700 (PDT)
Received: from mail1.bemta5.messagelabs.com (mail1.bemta5.messagelabs.com [195.245.231.145]) by ietfa.amsl.com (Postfix) with ESMTP id 4DAD41A0735 for <ietf@ietf.org>; Tue, 8 Apr 2014 19:12:43 -0700 (PDT)
Received: from [195.245.231.67:30853] by server-9.bemta-5.messagelabs.com id 5F/2D-04350-A9CA4435; Wed, 09 Apr 2014 02:12:42 +0000
X-Env-Sender: l.wood@surrey.ac.uk
X-Msg-Ref: server-12.tower-82.messagelabs.com!1397009561!33933628!1
X-Originating-IP: [131.227.200.39]
X-StarScan-Received:
X-StarScan-Version: 6.11.1; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 29705 invoked from network); 9 Apr 2014 02:12:42 -0000
Received: from exht012p.surrey.ac.uk (HELO EXHT012P.surrey.ac.uk) (131.227.200.39) by server-12.tower-82.messagelabs.com with AES128-SHA encrypted SMTP; 9 Apr 2014 02:12:42 -0000
Received: from EXMB01CMS.surrey.ac.uk ([169.254.1.150]) by EXHT012P.surrey.ac.uk ([131.227.200.39]) with mapi; Wed, 9 Apr 2014 03:12:41 +0100
From: <l.wood@surrey.ac.uk>
To: <rwfranks@acm.org>, <daedulus@btconnect.com>
Date: Wed, 9 Apr 2014 03:12:07 +0100
Subject: RE: Security for various IETF services
Thread-Topic: Security for various IETF services
Thread-Index: Ac9Thzq45VwCSS/wT5aApzO4bGzkvwAEeCrM
Message-ID: <290E20B455C66743BE178C5C84F1240847E779EECE@EXMB01CMS.surrey.ac.uk>
References: <533D8A90.60309@cs.tcd.ie> <533EEF35.7070901@isdg.net> <27993A73-491B-4590-9F37-0C0D369B4C6F@cisco.com> <CAHBU6iuX8Y8VCgkY1Qk+DEPEgN2=DWbNEWVffyVmmP_3qmmmig@mail.gmail.com> <53427277.30707@cisco.com> <B275762E-3A1A-44A3-80BE-67F4C8B115B2@trammell.ch> <53428593.3020707@cs.tcd.ie> <A33A3F1E-8F6D-4BD9-8D1B-B24FBCD74D8D@nominum.com> <5342B26B.5020704@gmail.com> <011301cf532a$b4cd02a0$4001a8c0@gateway.2wire.net>, <CAKW6Ri5=6eVEKvJ3SVrFxnX9Hd1vxUFW9n4p99g=NM+LHky9kA@mail.gmail.com>
In-Reply-To: <CAKW6Ri5=6eVEKvJ3SVrFxnX9Hd1vxUFW9n4p99g=NM+LHky9kA@mail.gmail.com>
Accept-Language: en-US, en-GB
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/l4YqLBOXvu19HmZTpAV7hi2oEA4
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Apr 2014 02:12:45 -0000

Gee, you don't need a threat analysis when you're going to protect against EVERYTHING!

That's SECURITY!

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces@ietf.org] On Behalf Of Dick Franks [rwfranks@acm.org]
Sent: 09 April 2014 01:02
To: t.p.
Cc: IETF-Discussion
Subject: Re: Security for various IETF services

On 8 April 2014 09:32, t.p. <daedulus@btconnect.com<mailto:daedulus@btconnect.com>> wrote:


The path that I have seen several Security ADs steer Working Groups down
is to start with a threat analysis before deciding what counter measures
are appropriate.


Several contributors have been saying exactly that for almost a week.

These suggestions have been answered by dismissive emails and a relentless bombardment of magic pixie dust.