Re: [saag] Content rights management (was: Pasi's AD notes for September 2008)
"David P. Quigley" <dpquigl@tycho.nsa.gov> Tue, 30 September 2008 22:36 UTC
From: "David P. Quigley" <dpquigl@tycho.nsa.gov>
To: Pasi.Eronen@nokia.com
Date: Tue, 30 Sep 2008 18:17:24 -0400
Cc: saag@ietf.org

Small mistake in my wording. I didn't mean to suggest that Pasi is the one
proposing the BOF. I probably should have used something other than "you".

Dave

On Tue, 2008-09-30 at 18:03 -0400, David P. Quigley wrote:
> It may just be me but this just sounds like you want an environment that
> enforces mandatory access controls and has some sort of MLS or MCS
> policy in place. I am planning a bar BOF for 73 to cover MAC security
> labels and when planning it I was told that you really need a clear set
> of goals that you want to accomplish at the BOF. I didn't see any goals
> published on the saag list for this BOF so I am not quite sure what you
> are trying to accomplish here but it sounds like the same situation you
> find with respect to documents in the military.
>
> Dave
>
>
> On Wed, 2008-10-01 at 00:52 +0300, Pasi.Eronen@nokia.com wrote:
> > Thomas,
> >
> > If I remember the history correctly, the IDRM and PERM BOFs were about
> > DRM for copyright enforcement, or managing rights for entertainment
> > content that is usually publicly available (to anyone who pays). As
> > you point out, this is an area where several other organizations have
> > also been active (not very successfully, some folks might say), and
> > I don't think IETF work in this area would have much chances either.
> >
> > However, this BOF proposal is about managing rights for *confidential*
> > information (inside an enterprise, or between cooperating enterprises);
> > some folks are using the term "data-centric security" to mean something
> > similar.
> >
> > This topic has received perhaps less attention (although e.g. Microsoft
> > Office has related features), and there are some differences. For
> > example, entertainment DRM often considers the user to be the adversary,
> > but inside an enterprise, most users aren't actively trying to leak
> > confidential information to competitors. Also, entertainment DRM is
> > usually "break once, run anywhere", so if it works only 50% of time,
> > it's useless -- but preventing 50% of information leaks could be
> > worthwhile.
> >
> > Even this kind of "rights management" is a somewhat controversial
> > topic (especially if used outside enterprise scenarios), and personally,
> > I have some doubts whether we at IETF have the right set of people
> > (e.g., vendors, potential users, etc.) for this work (and it's not
> > clear what "this work" even is). However, I think the topic is
> > sufficiently different from entertainment DRM that it might succeed
> > somewhere (even if it turns out IETF wasn't the right place).
> >
> > Unlike Paul (who replied to you already), I might even consider going
> > to the bar BOF, if it happens and they have good beer :-) However,
> > I want to clarify that the IETF is *not* proposing anything here --
> > a bar BOF is just individuals chatting over drinks.
> >
> > Best regards,
> > Pasi
> >
> > > -----Original Message-----
> > > From: ext Thomas Hardjono [mailto:thardjono@yahoo.com]
> > > Sent: 30 September, 2008 21:28
> > > To: saag@ietf.org; secdir@mit.edu; Eronen Pasi (Nokia-NRC/Helsinki)
> > > Cc: Mark Baugher; thardjono@yahoo.com
> > > Subject: Re: [saag] Pasi's AD notes for September 2008
> > >
> > >
> > > Pasi, Tim,
> > >
> > > Apologies for asking, but I was wondering about the proposed
> > > Content Rights Management (ie. DRM) BOF. More specifically, I
> > > was wondering if the IETF is now open to discussing such a
> > > "DRM standard".
> > >
> > > Back in 2001, Mark Baugher and myself went through two (2)
> > > BOFs proposing the creation of an IETF open standards for a
> > > DRM protocol. If my memory serves me right the presiding ADs
> > > was Steve Bellovin and Russ Housley. The specific protocol
> > > was called PERM, and the slides can be found here:
> > > http://hardjono.net/idrm/
> > >
> > > At that time the outcry against this effort was deafening. I
> > > was arguing that it was better for the IETF to own such a
> > > protocol and made it "open" (ie. not proprietary and no
> > > need to sign consortium legal paperwork). Since that time
> > > there has been a plethora of DRM related products and
> > > standards (eg. Apple, MSFT RM, OMA-download, CableLabs, 5C,
> > > etc, etc). In a sense, the IETF missed the boat on this one.
> > >
> > > Not that I'm unsupportive, but I was wondering what is
> > > motivating the IETF to propose such a BOF again at this time :)
> > >
> > > Thanks.
> > >
> > > Regards.
> > >
> > > /thomas/
> > >
> > > --- On Tue, 9/30/08, Pasi.Eronen@nokia.com
> > > <Pasi.Eronen@nokia.com> wrote:
> > >
> > > > From: Pasi.Eronen@nokia.com <Pasi.Eronen@nokia.com>
> > > > Subject: [saag] Pasi's AD notes for September 2008
> > > > To: saag@ietf.org, secdir@mit.edu
> > > > Date: Tuesday, September 30, 2008, 3:21 AM
> > > > Hi all,
> > > >
> > > > Here's again a short status update about what things are going on
> > > > from my point-of-view. If you notice anything that doesn't look
> > > > right, let me know -- miscommunication and mix-ups do happen.
> > > >
> > > > Best regards,
> > > > Pasi
> > > >
> > > > MISC NOTES
> > > >
> > > > - There have been two security-related BoF requests for IETF73:
> > > >   OAuth (in the applications area), and Content Rights Management
> > > >   (in the security area). For the latter, Tim and I have recommended
> > > >   having a bar BoF first.
> > > > - SecDir mailing list is in the process of being moved from mit.edu
> > > >   to ietf.org servers.
> > > > - I've spent some time this month on tools development and IESG
> > > >   process improvements -- nothing is ready yet, but hopefully soon..
> > > >
> > > > WORKING GROUPS
> > > >
> > > > DKIM
> > > > - draft-ietf-dkim-ssp: in Publication Requested, waiting for
> > > >   me to read it.
> > > > - Waiting for WG to send list of RFC errata IDs the WG agrees on.
> > > >
> > > > EMU
> > > > - draft-ietf-emu-gpsk: in AD Evaluation -- waiting for revised
> > > >   ID that reflects the new WG consensus on MAC length/key size
> > > >   issue before going to IETF last call (since 2008-08-25)
> > > > - A liaison statement reply was sent to ITU-T SG 17 regarding X.1034,
> > > >   "Guidelines on EAP-based authentication and key management in a
> > > >   data communication network".
> > > > - IESG appointed Joe Salowey as the designated expert for IANA
> > > >   allocation of EAP Type Codes
> > > > - (not WG item) draft-arkko-eap-aka-kdf is now in IETF Last Call
> > > >
> > > > IPSECME
> > > > - Lots of emails that I need to read (but haven't done so yet)
> > > > - (not wearing AD hat) I sent my "things that need to be looked at"
> > > >   list about IKEv2bis to the mailing list; I need to check that
> > > >   they got entered in the issue tracker, too.
> > > >
> > > > ISMS
> > > > - It seems the discussion has largely converged; I'm waiting for
> > > >   revised IDs to read and review.
> > > >
> > > > KEYPROV
> > > > - I sent more comments regarding PSKC; I need to read the replies
> > > >   and participate in discussion.
> > > > - I need to review and comment DSKPP, too.
> > > >
> > > > SASL
> > > > - I replied to Frank Ellermann's appeal about WG chairs' handling
> > > >   of draft-ietf-sasl-crammd5.
> > > > - Waiting for charter update text from the chairs (>6 months)
> > > >
> > > > SYSLOG
> > > > - draft-ietf-syslog-transport-tls: a revised version addressing
> > > >   Chris Newman's DISCUSS should be posted in a couple of days.
> > > > - draft-ietf-syslog-sign: there has been a bunch of replies to my
> > > >   AD evaluation comments that I need to read and process, but I
> > > >   haven't done so yet.
> > > >
> > > > TLS
> > > > - (not WG item) draft-rescorla-tls-suiteb is now in IETF Last Call.
> > > > - (not WG item) draft-hajjeh-tls-identity-protection: IESG reviewed
> > > >   this independent submission to the RFC Editor, and recommended
> > > >   not publishing it.
> > > >
> > > > OTHER DOCUMENTS
> > > >
> > > > - draft-ietf-capwap-*: I've been working with Pat and others,
> > > >   and I think we're done (except that agreed text needs to be
> > > >   edited in, and some editorial nits fixed).
> > > > - draft-ietf-avt-rtcpssm: no news; waiting for Joerg to explore
> > > >   "feedback debug" messages.
> > > > - draft-santesson-digestbind: I read this and sent comments to
> > > >   Stefan.
> > > > - PKCS #1/RFC 3447 update: waiting for James Randall to post an
> > > >   update including the various errata.
> > > > - draft-mattsson-srtp-store-and-forward: I've promised to read
> > > >   this and send comments, but haven't done so yet.
> > > > - draft-ietf-mpls-mpls-and-gmpls-security-framework: I've promised
> > > >   to read this once there's a new version.
> > > > - "Security roadmap for routing protocols": I've promised to read
> > > >   and comment this once Gregory sends something.
> > > >
> > > > DISCUSSES (active -- something happened within last month)
> > > >
> > > > - draft-ietf-capwap-protocol-binding-ieee80211: text agreed,
> > > >   waiting for authors to submit a revised ID [since 2008-09-26]
> > > > - draft-ietf-lemonade-msgevent: waiting for authors to submit
> > > >   a revised ID [since 2008-09-08]
> > > > - draft-ietf-mip6-whyauthdataoption: waiting for authors to submit
> > > >   a revised ID [since 2008-09-08]
> > > > - draft-ietf-mipshop-mstp-solution: the authors have replied to
> > > >   my comments; I need to read the replies [since 2008-09-26]
> > > > - draft-ietf-nfsv4-rpcsec-gss-v2: waiting for authors to
> > > >   reply to my comments [since 2008-09-25]
> > > > - draft-ietf-sieve-refuse-reject: waiting for authors to reply
> > > >   to my comments [since 2008-09-11]
> > > > - draft-ietf-sipping-race-examples: waiting for document shepherd
> > > >   or Jon to comment the "Updates" issue [since 2008-09-26]
> > > > - draft-ietf-v6ops-addcon: the changes in version -10 were sent
> > > >   to 6MAN WG for review; I'll clear once this has happened
> > > >   [expected to happen on 2008-10-01]
> > > > - draft-mraihi-inch-thraud: version -07 addressed almost all of
> > > >   my comments; waiting for authors to send RFC Editor Note text
> > > >   fixing the IANA issue, too [since 2008-09-02]
> > > >
> > > > DISCUSSES (stalled -- I haven't heard anything from the authors
> > > > or document shepherd for over one month)
> > > >
> > > > - draft-cain-post-inch-phishingextns: waiting for authors to reply
> > > >   to my comments or submit a revised ID [since 2008-08-28]
> > > > - draft-cam-winget-eap-fast-provisioning: waiting for authors to
> > > >   reply to my comments or submit a revised ID [since 2008-08-28]
> > > > - draft-hautakorpi-sipping-uri-list-handling-refused: text agreed,
> > > >   waiting for authors to submit a revised ID [since 2008-07-03]
> > > > - draft-ietf-enum-experiences: talked briefly with Jon Peterson
> > > >   in Dublin -- waiting to hear more from the authors and/or Jon
> > > >   [since 2008-07-31]
> > > > - draft-ietf-pce-pcep: new version -15 addressed some comments from
> > > >   other ADs; some discussions about my comments has occurred;
> > > >   waiting for proposed text or revised ID [since 2008-06-16]
> > > > - draft-ietf-pwe3-pw-atm-mib: waiting for authors to reply to
> > > >   my comments or submit a revised ID [since 2008-07-02]
> > > > - draft-zhou-emu-fast-gtc: changes probably agreed, waiting for authors
> > > >   to submit a revised ID to see exact text [since 2008-08-28]
> > > >
> > > > DISCUSSES (presumed dead -- I haven't heard anything from the authors
> > > > or document shepherd for over three months)
> > > >
> > > > - draft-ietf-bfd-base: waiting for authors to reply to my
> > > >   comments or submit a revised ID [since 2008-06-05]
> > > > - draft-ietf-bfd-multihop: waiting for authors to reply to
> > > >   my comments or submit a revised ID [since 2008-06-05]
> > > > - draft-ietf-bfd-v4v6-1hop: waiting for authors to reply to
> > > >   my comments or submit a revised ID [since 2008-06-05]
> > > > - draft-ietf-shim6-proto: waiting for Erik to propose something
> > > >   to solve IPsec interaction issue [since 2008-06-18]
> > > > - draft-ietf-simple-imdn: waiting for authors to reply to my
> > > >   comments or submit a revised ID [since 2008-05-14]
> > > > - draft-ietf-sipping-sbc-funcs: new version (-06) addressed
> > > >   all comments except one; text agreed for the remaining one,
> > > >   waiting for RFC editor note or revised ID [since 2008-06-17]
> > > > - draft-ietf-tsvwg-emergency-rsvp: this document has large
> > > >   number of discusses/abstains; waiting for Magnus to figure
> > > >   out next steps [since 2008-06-03]
> > > >
> > > > --end--
> > > > _______________________________________________
> > > > saag mailing list
> > > > saag@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/saag