IETF Logo Mail Archive

Re: Re-chartering for extension work

"Martin Thomson" <mt@lowentropy.net> Fri, 10 January 2020 01:41 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF02E120131 for <quic@ietfa.amsl.com>; Thu, 9 Jan 2020 17:41:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=YQlI7cgT; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=FuZMPQ5E
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SokL2xepcgrK for <quic@ietfa.amsl.com>; Thu, 9 Jan 2020 17:41:36 -0800 (PST)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CA9E120288 for <quic@ietf.org>; Thu, 9 Jan 2020 17:41:36 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 7A8455F1 for <quic@ietf.org>; Thu, 9 Jan 2020 20:41:35 -0500 (EST)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Thu, 09 Jan 2020 20:41:35 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=nsjJkxikvoyFpfkZJKE3KL1XZ+161MX LSX9um89m4bk=; b=YQlI7cgTMTZ83B/MMPfhRVHY89KdMUKudlrE3Soxspsc4ok YmlrAJir9qhyzlzWGTaKWYHkA8tP9kGAljI8hzhztxk41jMMLy8+GR005Vbt+SQ8 O+pxLlgY5XKjOpK/IIJ+lNOyWYiz2cBbn/w1xXlu1r0pbtazCOGjy5bT1bUbwpXc qsICM/fSnp6VxXIxjzwMVK2rdAk+/WecUdmlOiMi+ZN9KlYqoFJgTU1ZaWzaSr9B RS3LRZzvIcuSX+0wn17azKkuGgXx6Qd0PS3wfbCQo1cljUJT1i+I7mrIvymOY8RK VCHNUswx0Q/wqGOQxk2yzefTfOdbzJ3fyahAWjQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=nsjJkx ikvoyFpfkZJKE3KL1XZ+161MXLSX9um89m4bk=; b=FuZMPQ5E9mBhT/56Fe39M4 54MciIRWbQ0kVCfBo7tIQbQIhK2oDQfLjsT1QFNj+fRgS25iiaIkvV6y5UHBPELm QMRGoQxNF+Qmik22F4pmEgnIh7YhEtNA8FlUiXSlHm0IXWCexeYPKnuSCAmJaSnL CMMuPzBxyc2Mgz/pl/x4j3QnoLhopWgA/03HwdJqxTAfJXhz5RQ5hOb0ZD9aPiPT OUXug8B/KBrQ6nMv3kQNxv7L8V90gqV2TqGoK7D6+Fcz3B3k6qpGwYdIIeDC7OVa WmNhhEzJ5Kx8V1NbWGIOSXIq2sxYJhR/6cbZmNnUjIHPityByYoLgpTh1uqZU2yg ==
X-ME-Sender: <xms:TtYXXuzCayfwwEqjqtDAaCt9RQtgGfppi0zbo5xdmpJYMKvvbwpPmw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrvdeivddgfeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehloh ifvghnthhrohhphidrnhgvthenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:TtYXXlb3eGqiDaLYyqNuaS8IYPqguNE_3ewWdIfg2P_WqPQaRk_Vig> <xmx:TtYXXqrDdHIuWPmljke3EyVJxald8dIR2kOh9A6K2FYD6gWfCZtf3g> <xmx:TtYXXhEDAw_xX7CRdnCnUHhjOKwvO_BnitjCPd2LoaITRWBL-sKqSQ> <xmx:T9YXXi0iK6vyUh5VFxtbR-dsiPRliLVfUYUzSUHR7kSxhYaq_HYd3w>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id D8B09E00A2; Thu, 9 Jan 2020 20:41:34 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-740-g7d9d84e-fmstable-20200109v1
Mime-Version: 1.0
Message-Id: <72ef65b4-0a12-4fba-975b-a35b1a425ec7@www.fastmail.com>
In-Reply-To: <20200109140145.GC7263@ubuntu-dmitri>
References: <A56547B6-2E3B-4ABE-8C9B-BA9ACC489FB2@mnot.net> <6E58094ECC8D8344914996DAD28F1CCD27D34F98@dggemm526-mbx.china.huawei.com> <A51C42AD-6D1C-432D-99B4-8BB0FB824348@mnot.net> <6E58094ECC8D8344914996DAD28F1CCD27D34FD8@dggemm526-mbx.china.huawei.com> <18FA3A15-D580-43FD-A64C-E12E79D91419@mnot.net> <6E58094ECC8D8344914996DAD28F1CCD27D35044@dggemm526-mbx.china.huawei.com> <1575ae9dcdcade6a8ec68289fd6b735eae04ed32.camel@ericsson.com> <6E58094ECC8D8344914996DAD28F1CCD27D3512A@dggemm526-mbx.china.huawei.com> <c98ddfd008714672857833383153efb7@ustx2ex-dag1mb5.msg.corp.akamai.com> <EB9765F4-C07E-4142-BCEC-5DA8AA9710E9@mnot.net> <20200109140145.GC7263@ubuntu-dmitri>
Date: Fri, 10 Jan 2020 12:41:15 +1100
From: Martin Thomson <mt@lowentropy.net>
To: quic@ietf.org
Subject: Re: Re-chartering for extension work
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/sznIVdSQ5gMThLAxdi7dqGZlxaQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2020 01:41:38 -0000

On Fri, Jan 10, 2020, at 01:01, Dmitri Tikhonov wrote:
> What is the security evaluation process?  Can just anyone do it
> (for example, myself sitting down and thinking about it really
> hard) or are there designated IETF people or entities that do
> this sort of thing?

The goal is to reach consensus on what the properties of the proposal are.  Maybe we might not agree on the value proposition, but we should be able to agree on the impact a proposal has to the privacy and security of different participants.  When we did the spin bit, we formed a design team that discussed potential threats and produced an assessment of the overall impact of the proposal.  That design team reported their findings to the group, people asked questions that were answered, we each reached our own conclusions, and ultimately we concluded that the findings were sound.  That meant that we were able to make a decision about adoption that wasn't confused by a disagreement about the facts.

It's probably not the case that everything needs a design team or that level of process as long as we are able to reach consensus, but for contentious or complicated topics, you could need even more support or background work when it comes to establishing what the facts are.  For instance, when we did HPACK, Google funded academic research into the proposal and the researchers set out to break the scheme.  That was hugely helpful in informing our decision to adopt that approach.

v2.23.0 | Report a Bug | By Email