[Maprg] Draft on Quantitative Analysis of Security Considerations

mark@internetpolicyadvisors.com Fri, 12 June 2020 14:59 UTC

Reply-To: mark@internetpolicyadvisors.com
From: mark@internetpolicyadvisors.com
To: maprg@irtf.org
Date: Fri, 12 Jun 2020 09:59:38 -0500
Organization: internet policy advisors
Message-ID: <01ac01d640ca$1a387f50$4ea97df0$@internetpolicyadvisors.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/maprg/2fEOKSKJTviKaPmCMxKYaCucv5I>

All:

Knowing that MAPRG is not going to meet for IETF 108, I wanted to bring your
attention to a piece of work a colleague and I are doing. Our interest is
how security considerations sections have changed over time.

RFC3552 provides guidance to authors in crafting RFC text on Security
Considerations. The RFC is more than fifteen years old. With the threat
landscape and security ecosystem significantly changed since the RFC was
published, RFC3552 is a candidate for update. 

Our draft proposes that, prior to drafting an update to RFC3552, an
examination of recent, published Security Considerations sections be carried
out as a baseline for how to improve RFC3552. It suggests a methodology for
examining Security Considerations sections in published RFCs and the
extraction of both quantitative and qualitative information that could
inform a revision of the older guidance. It also reports on a recent
experiment on textual analysis of sixteen years of RFC Security
Consideration sections.

The draft is available at:
https://datatracker.ietf.org/doc/draft-mcfadden-smart-rfc3552-textual-research/

I would welcome comments and would be interested in presenting at the joint
interim with RIPE MATWG in August.

mark

Mark McFadden