Re: [OPSEC] Adoption call for draft-paine-smart-indicators-of-compromise
Chris Box <chris.box.ietf@gmail.com> Tue, 07 December 2021 14:39 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/PVXw5QZJARA_grlb9yHo4BnPC8E>
Hi,

I'm new to this working group but I now realise it should have been on my radar before, because my employer (BT) is a provider of security to consumers and enterprises. But in my view everyone (people and organisations) needs security from attack. So thumbs up for trying to tackle that never-ending problem here, and reduce the world's vulnerability.

Regarding the draft that is the subject of an adoption call, it makes a lot of sense to me. The pyramid is a useful way to think about the issue. I also reviewed the minutes of the 111 meeting. Clearly there is a tension between privacy of communication and the ability of a network to spot indicators of compromise. I tend to agree that it requires research to identify ways to do both or to strike the right balance. In my mind the ideal is full privacy of end users while at the same time being able to reliably identify compromise in a complex heterogeneous network. Is that impossible? I don't know, but it's worth trying.

On that basis I support adoption of the draft as a way to clearly state this need. I'd also be happy to discuss or contribute to the document.

Chris

> Hello,
>
> This email starts the WG adoption call for the following document:
>
> Title: "Indicators of Compromise (IoCs) and Their Role in Attack Defence"
> Link: https://datatracker.ietf.org/doc/draft-paine-smart-indicators-of-compromise/03/
>
> Please read the document and respond to the list with your comments.
> Please state if you support (or don't support) the adoption.
> Also, if you are willing to contribute to the document, please include
> it in your response.
>
> Thank you!