Re: [OPSEC] Call For Adoption: draft-camwinget-opsec-ns-impact

Warren Kumari <warren@kumari.net> Mon, 15 June 2020 18:57 UTC

From: Warren Kumari <warren@kumari.net>
Date: Mon, 15 Jun 2020 14:57:12 -0400
Message-ID: <CAHw9_iJ5Kz3okmf2vK9NH7ZfFxaHTGAnamYeS5jaZXtUcY9wMg@mail.gmail.com>
To: tom petch <ietfa@btconnect.com>
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, OPSEC <opsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/rEjzsgJPbVW806BRVp1jqEsH234>
Subject: Re: [OPSEC] Call For Adoption: draft-camwinget-opsec-ns-impact

[ Top post ]

Thanks Nancy, Tom, et al,

I also checked with the TLS chairs and ADs[0], and Ben replied saying
that he feels it should be fine in OPSEC[1], but that it's probably
worth giving a heads-up to TLS if / when this approaches WGLC.

So, great - as I think I've already mentioned, I happen to think that
this is useful.

Thanks everyone,
W

[0]: It's really not good having WGs stepping on each other's toes,
and I hadn't been following this in TLS...
[1]: Seeing as Roman is an author, I'm gonna count that as implicit
support for it being here :-)




On Thu, Jun 11, 2020 at 4:14 AM tom petch <ietfa@btconnect.com> wrote:
>
> From: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>
> Sent: 11 June 2020 03:30
>
> On 6/10/20, 5:42 AM, "OPSEC on behalf of Warren Kumari" <opsec-bounces@ietf.org on behalf of warren@kumari.net> wrote:
>
>     On Wed, Jun 10, 2020 at 6:18 AM tom petch <ietfa@btconnect.com> wrote:
>     > From: OPSEC <opsec-bounces@ietf.org> on behalf of Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
>     > Sent: 05 June 2020 16:04
>     >
>     > Folks,
>     >
>     > This email begins a call for adoption on draft-camwinget-opsec-ns-impact<https://datatracker.ietf.org/doc/draft-camwinget-opsec-ns-impact/>. The call for adoption will end on 6/19/2020.
>     >
>     > Support
>     >
>     > I would have liked this to be a TLS document but the fact that it is not makes it even more important that it is adopted.
>
>     Actually, that raises an important point -- why is it *not* a TLS
>     document? Are we wading into deep waters here? Did TLS object to this
>     document, or just show no interest, or say "'tis a fine idea, but too
>     operational for here, vaya con dios"?
> [NCW] It is the latter, that is, it is more about the operational impacts of network security.  When it was presented at the TLS WG,
> it was noted that the draft presented TLS use cases but from an operational perspective and didn't fit with their current charter.
> There were suggestions that opsec could be a better fit.
>
> <tp>
> I track the discussions on the TLS list, saw the discussion there inter alia and have a more jaundiced view.
> <rant>
> The TLS WG has many highly skilled, highly active proponents, more so than any other IETF WG I know.  Its culture I see as perfect security no matter what.  TLS 1.3 thus addresses all known problems no matter what.  If this renders it unusable in places, too bad - perfect security cannot be compromised.  This I-D says TLS 1.3 is not perfect in some settings so the TLS WG would commit suicide before ever adopting it.  Which is a shame since that is where the expertise lies and where any infelicities in the I-D might be detected.  Shame, but that is how it is.
> </rant>
> Tom Petch
>
>     Can this CfA be CCed to the TLS WG so that we get more review?
>
>
>     W
>
>     >
>     > Tom Petch
>     >
>     >                                         Ron and Jen
>     >
>     >
>     > _______________________________________________
>     > OPSEC mailing list
>     > OPSEC@ietf.org
>     > https://www.ietf.org/mailman/listinfo/opsec
>
>
>
>     --
>     I don't think the execution is relevant when it was obviously a bad
>     idea in the first place.
>     This is like putting rabid weasels in your pants, and later expressing
>     regret at having chosen those particular rabid weasels and that pair
>     of pants.
>        ---maf
>
>
>


-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf