IETF Logo Mail Archive

Re: [perpass] "Its an attack" BCP draft

joel jaeggli <joelja@bogus.com> Wed, 20 November 2013 22:55 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30C041AE17F for <perpass@ietfa.amsl.com>; Wed, 20 Nov 2013 14:55:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Level:
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.525] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OjkajtOQB8-s for <perpass@ietfa.amsl.com>; Wed, 20 Nov 2013 14:55:08 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id 207DE1AE133 for <perpass@ietf.org>; Wed, 20 Nov 2013 14:55:08 -0800 (PST)
Received: from mb-aye.local (c-50-174-18-221.hsd1.ca.comcast.net [50.174.18.221]) (authenticated bits=0) by nagasaki.bogus.com (8.14.7/8.14.7) with ESMTP id rAKMsZ8t093727 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Wed, 20 Nov 2013 22:54:36 GMT (envelope-from joelja@bogus.com)
Message-ID: <528D3DA6.1030505@bogus.com>
Date: Wed, 20 Nov 2013 14:54:30 -0800
From: joel jaeggli <joelja@bogus.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Thunderbird/25.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Brian E Carpenter <brian.e.carpenter@gmail.com>
References: <528D34D7.1010303@cs.tcd.ie> <528D3A85.5090003@gmail.com> <528D3B28.8020406@cs.tcd.ie>
In-Reply-To: <528D3B28.8020406@cs.tcd.ie>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="oitGdqfhOPLCmaKLnSWqlRlFdEjDATBCB"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (nagasaki.bogus.com [147.28.0.81]); Wed, 20 Nov 2013 22:54:38 +0000 (UTC)
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] "Its an attack" BCP draft
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2013 22:55:10 -0000

On 11/20/13, 2:43 PM, Stephen Farrell wrote:
> 
> 
> On 11/20/2013 10:41 PM, Brian E Carpenter wrote:
>> Just do it.
> 
> I wish:-)
> 
>> However, I am concerned by the 'bad actor' phrase. The problem is
>> that it's fine as explained in the draft, but it's highly likely to
>> be quoted out of context and thereby cause confusion. It would be
>> safer to use a neutral term ('observer'? 'surveyor'?).
> 
> Fair point, and "bad-actor" doesn't fit that well anyway. Will
> find a better term or gladly take suggestions.

a surveillor and a surveyor are rather different things.

> 
> S.
> 
>>
>> Regards
>>    Brian
>>
>> On 21/11/2013 11:16, Stephen Farrell wrote:
>>> Hi all,
>>>
>>> Following up on item 3a from the status/plan mail [1] I sent
>>> last week, Hannes and myself have written up an I-D [2] that
>>> tries to capture the consensus in the room from the Vancouver
>>> tech plenary and we're proposing as a BCP.
>>>
>>> We're deliberately trying to keep this short and sweet and to
>>> not (yet) go beyond what was the gist of the hums - we think
>>> progressing e.g. the threat model or the privacy BCP or other
>>> bits of related work is liable to take longer and there's value
>>> in documenting that the IETF as a whole has consensus on the
>>> most significant bit first so those and other bits of work
>>> don't all have to re-establish that as they are processed.
>>> Hopefully we can all easily agree that that's a useful target
>>> and focus comments on whether on not we've expressed that
>>> consensus well or not.
>>>
>>> <boring-bit>
>>> We've been bouncing versions of this around amongst the IESG
>>> and IAB for the last week, and process-wise, that has been
>>> fun already. As you'll see from section 3 of the draft, we can
>>> no longer just shoot out an RFC agreed by the IESG and IAB so
>>> the plan for this is that when Hannes and I figure this looks
>>> ready, based on your comments, then we'll ask Jari to start a
>>> 4-week IETF LC for it. When he thinks that's ok he'll start it
>>> and then we'll see how that goes. Assuming that goes well, then
>>> sometime during IESG evaluation the IAB will decide if they
>>> like the final text (or not, which'd be "interesting") and if
>>> they do then an IAB note saying "yep, we like it" will be added
>>> sometime during/after IESG evaluation before this goes to the
>>> RFC editor. In an ideal world, you'll all love the -00 already
>>> and tell us that and we'll be done with all of the above super
>>> duper process stuff by the end of the year. (Haven't we built
>>> ourselves a lovely crazy process? ;-)
>>>
>>> I really hope we don't end up with a process debate over this,
>>> since the above, silly and all as it is, should achieve the
>>> desirable outcome which is a simple BCP, approved by the IESG
>>> after an IETF LC and also supported by the IAB. The value in
>>> that is that it seems to be as close as we can get to the same
>>> setup as RFCs 1984 and 2804 which is the right kind of heritage
>>> for this one. So there is a reasonably good reason for the
>>> process-crap.
>>> </boring-bit>
>>>
>>> Anyway, ignoring process, comments on this are welcome, so
>>> please take a read of the two pages of content and let us know
>>> what you think. If you do think its already good enough for
>>> starting an IETF last call, then saying that is useful as well.
>>>
>>> And since the IETF LC will happen on the ietf@ietf.org list,
>>> using this list for initial processing should be fine.
>>>
>>> Cheers,
>>> S.
>>>
>>> [1] http://www.ietf.org/mail-archive/web/perpass/current/msg01016.html
>>> [2] http://tools.ietf.org/html/draft-farrell-perpass-attack
>>> _______________________________________________
>>> perpass mailing list
>>> perpass@ietf.org
>>> https://www.ietf.org/mailman/listinfo/perpass
>>>
>> _______________________________________________
>> perpass mailing list
>> perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass
>>
>>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

v2.23.0 | Report a Bug | By Email