Re: [OPSEC] Call For Adoption: draft-camwinget-opsec-ns-impact

tom petch <ietfa@btconnect.com> Thu, 11 June 2020 08:14 UTC

From: tom petch <ietfa@btconnect.com>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, Warren Kumari <warren@kumari.net>
CC: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, OPSEC <opsec@ietf.org>
Date: Thu, 11 Jun 2020 08:14:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/GEwmfo0s9oAF_uQ9bmtWwE4IBPU>

From: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>
Sent: 11 June 2020 03:30

On 6/10/20, 5:42 AM, "OPSEC on behalf of Warren Kumari" <opsec-bounces@ietf.org on behalf of warren@kumari.net> wrote:

    On Wed, Jun 10, 2020 at 6:18 AM tom petch <ietfa@btconnect.com> wrote:
    > From: OPSEC <opsec-bounces@ietf.org> on behalf of Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
    > Sent: 05 June 2020 16:04
    >
    > Folks,
    >
    > This email begins a call for adoption on draft-camwinget-opsec-ns-impact<https://datatracker.ietf.org/doc/draft-camwinget-opsec-ns-impact/>. The call for adoption will end on 6/19/2020.
    >
    > Support
    >
    > I would have liked this to be a TLS document but the fact that it is not makes it even more important that it is adopted.

    Actually, that raises an important point -- why is it *not* a TLS
    document? Are we wading into deep waters here? Did TLS object to this
    document, or just show no interest, or say "'tis a fine idea, but too
    operational for here, vaya con dios"?
[NCW] It is the latter, that is, it is more about the operational impacts of network security.  When it was presented at the TLS WG,
it was noted that the draft presented TLS use cases but from an operational perspective and didn't fit with their current charter.
There were suggestions that opsec could be a better fit.

<tp>
I track the discussions on the TLS list, saw the discussion there inter alia and have a more jaundiced view.
<rant>
The TLS WG has many highly skilled, highly active proponents, more so than any other IETF WG I know.  Its culture I see as perfect security no matter what.  TLS 1.3 thus addresses all known problems no matter what.  If this renders it unusable in places, too bad - perfect security cannot be compromised.  This I-D says TLS 1.3 is not perfect in some settings so the TLS WG would commit suicide before ever adopting it.  Which is a shame since that is where the expertise lies and where any infelicities in the I-D might be detected.  Shame, but that is how it is.
</rant>
Tom Petch

    Can this CfA be CCed to the TLS WG so that we get more review?


    W

    >
    > Tom Petch
    >
    >                                         Ron and Jen
    >
    >
    > Juniper Business Use Only
    >
    > _______________________________________________
    > OPSEC mailing list
    > OPSEC@ietf.org
    > https://www.ietf.org/mailman/listinfo/opsec



    --
    I don't think the execution is relevant when it was obviously a bad
    idea in the first place.
    This is like putting rabid weasels in your pants, and later expressing
    regret at having chosen those particular rabid weasels and that pair
    of pants.
       ---maf
