Re: [saag] [solace] Slides posted for SAAG heads-up

Carsten Bormann <> Wed, 07 November 2012 21:39 UTC

Hi Rene,

good to hear from you.

Clearly, we cannot stop at exactly one usage scenario.
But I strongly believe we need to start with exactly one.
When we have the contributions for that, we can probably ask much better questions for the next round, where we will add scenarios.

The slides are indeed more for SAAG and less for people who would focus on the logistics of rolling out 50000000000 devices.
SOLACE clearly goes beyond security, or we could do it right there in the security area.

The security objectives slides are divided into one for the specific ones for a scenario and one for the general ones (one could say "motherhood and apple pie" if they were better understood).  Even if the specific ones can be toned down, we still have the general ones, and that includes avoiding susceptibility to mass attacks.  (This is one of the points that were made at the March SoS workshop.)  And that is, very much, the reason why compromising on security always leads to security compromises.

Grüße, Carsten