IETF Logo Mail Archive

Re: [perpass] "Its an attack" BCP draft

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 20 November 2013 23:42 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3BED1AE5B3 for <perpass@ietfa.amsl.com>; Wed, 20 Nov 2013 15:42:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Level:
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.525] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7cIRd0_XSeBy for <perpass@ietfa.amsl.com>; Wed, 20 Nov 2013 15:42:29 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id D49A91AE5B1 for <perpass@ietf.org>; Wed, 20 Nov 2013 15:42:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id EFD06BE6E; Wed, 20 Nov 2013 23:42:21 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y2WdzibzfAhP; Wed, 20 Nov 2013 23:42:20 +0000 (GMT)
Received: from [10.87.48.12] (unknown [86.44.78.110]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 4819DBE68; Wed, 20 Nov 2013 23:42:20 +0000 (GMT)
Message-ID: <528D48DC.6020907@cs.tcd.ie>
Date: Wed, 20 Nov 2013 23:42:20 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: "Fred Baker (fred)" <fred@cisco.com>
References: <528D34D7.1010303@cs.tcd.ie> <D643E77C-7978-4167-8482-CA1FE560817A@cisco.com> <B8BC308C-4AF0-4093-AA65-F90B11FCD9E2@cisco.com>
In-Reply-To: <B8BC308C-4AF0-4093-AA65-F90B11FCD9E2@cisco.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] "Its an attack" BCP draft
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2013 23:42:33 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Thanks Fred.

Interestingly RFC 4949 does define attack but not mitigation
(it does define countermeasure).

I think its a fair point that these need good definitions and
in this document. Pete Resnick btw, was the one who suggested
being specific about these terms. I had just assumed them as
obvious, but now see he (and you) are right about that.

I'll go over what 4949 says and your suggestions below and
come back with something tomorrow/Friday.

Cheers,
S.


On 11/20/2013 11:35 PM, Fred Baker (fred) wrote:
> 
> On Nov 20, 2013, at 3:31 PM, Fred Baker <fred@cisco.com> wrote:
> 
>> I just read your ID.
>> 
>> I think the sense of the ID is pretty much correct. You
>> half-define two words, "attack" and "mitigate", in saying
>> something about what they are not (an attack, you say, has a
>> "bad-actor", but implies nothing about the motivations of the
>> attacker, and a "mitigation" doesn't make the attack go away, it
>> merely makes it more expensive). I think you would do well to
>> actually define the terms.
>> 
>> BTW, I think "bad actor" is a bad choice of words if you want to
>> remove value judgements and motivations from the discussion. I'd
>> suggest a more neutral term.
>> 
>> My definitions probably need work, but I think I'm looking for
>> something like:
>> 
>> 
>> Glossary:
>> 
>> "Attack": In common English usage, an "attack" is an aggressive
>> action perpetrated by an opponent, intended to enforce the
>> opponent's will on the attacked party. In the Internet, the term
>> is used to refer to a behavior that subverts the intent of a
>> communicator without the knowledge of the parties to the
>> communication. It may be active or passive. It may change the
>> content of the communication, record the content of the
>> communication, or through correlation with other communication
>> events or attempts, reveal information the communicator did not
>> intend to be revealed. It may also prevent communication or delay
>> a time-sensitive communication more than its sensitivity
>> permits.
> 
> It may force the communicator to spend money to mitigate attacks
> rather than pursue his personal or business interest.
> 
>> It may also have other effects that similarly subvert the intent
>> of a communicator.
>> 
>> "Mitigation": As in common english usage, the term is used in the
>> Internet in the sense of "make less severe, serious, or painful."
>> (http://www.oxforddictionaries.com/us/definition/american_english/mitigate).
>> Colloquially, the term is also used in the sense of making
>> something of no effect, but this usage is not implied in the
>> Internet context. If a person is cold, common english usage would
>> consider the act of putting on a coat or the act of entering a
>> warm building as mitigations. While the latter (making the matter
>> of no effect) is desirable, for many purposes the former is
>> cost-effective and sufficient for the purpose.
>> 
>> 
>> 
>> You might also walk through the document looking for run-on
>> sentences and verbal lists. Search for the word "and", and ask
>> yourself in each usage whether it could be usefully replaced with
>> a period followed by the start of a new sentence. Search also for
>> the word "or"; a list is "A, B, or C", not "A or B or C". In
>> general, try to use simple sentences in active voice ("A does B
>> to C"), as opposed to more complex sentences or passive voice ("B
>> is done to C by A").
> 
> 
> 
> _______________________________________________ perpass mailing
> list perpass@ietf.org 
> https://www.ietf.org/mailman/listinfo/perpass
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBAgAGBQJSjUjbAAoJEC88hzaAX42iKAUIALD1Y3OtD3fGGvWEZeWT+74h
mzNOFGlWM7Pu2CTvZ/7YZnn1pEoPpnspIsehi3Jx0UQ6fTUjNL9ABpMCAetZrV4M
6VJrp8N8gNc0skKXolGBcHf1vNnAj1rU6GsJ8T3kZIwd8KD7dEwynTu8wfw3Sokr
A/o2mbMdPQiq0ev1N5bvs+qtuMOPdFaQAbgkiDZB38SKdGr/297PxctlYf+n0T3K
twcA1hBPyC1IODFybKXdHb9ohBLkb+5/WI9FwVf55iSkc5AFovCy5l7dVcjvncy/
DxcZ1LkDnI1Os5o+pBtdk0yizjL4idopWJLAJD3PnbuiE313GMk6fGdwPVgU7yY=
=PNpg
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email