Re: [perpass] my synopsis of the BoF session outcome

Stephen Kent <kent@bbn.com> Tue, 19 November 2013 21:26 UTC

Message-ID: <528BD786.5010702@bbn.com>
Date: Tue, 19 Nov 2013 16:26:30 -0500
From: Stephen Kent <kent@bbn.com>
To: perpass@ietf.org
References: <5284E20D.8000402@cs.tcd.ie>
In-Reply-To: <5284E20D.8000402@cs.tcd.ie>

Stephen,

Nice job of collecting the vast number of comments during the session.

Some thoughts on a few of the notes:
> - IPv6 + IPsec + RFC 6092 => IKE, ESP get in, could make
>    things better?
do we have any info on whether many CPE devices conform to most (all?) 
of the recommendations in 6092?
> Research topics, maybe for IAB w/s or IRTF?:
>
> - problems handling security protocol failures (e.g. cert
>    expiry)
I don't see handling cert expiry as a research problem. It seems that vendors
have decided that too many CAs are too sloppy re cert expiration and thus
products are lenient wrt expiration, which, of course, disrupts a possible
feedback loop ...
> Actionable maybe, nothing done yet:
>
> - maybe get servers (web) and CA people together to try
>    develop some usable certification protocols
what protocols do you think we are missing?
> - IETF should go beyond legislative definitions of personal
>    data e.g. meta-data, define PII as privacy impacting
>    information
I disagree with this suggestion. PII is defined by law in several
jurisdictions. If we want to define privacy-related info, create a
new term, but don't start a fight over an existing, defined term.
> - (plenary) we should set the GAAP equivalent for
>    security and privacy
GAAP are defined by the IASB. Even though the IESG share several acronym letters
and length, there are way too many differences to believe that they can be the
source of an analogous set of principles. Also, many of the issues that affect
security and privacy in the Internet are host/server issues that are outside of
the protocol purview of the IETF.

Steve