Re: [saag] Content rights management (was: Pasi's AD notes for September 2008)

"David P. Quigley" <dpquigl@tycho.nsa.gov> Tue, 30 September 2008 22:36 UTC

From: "David P. Quigley" <dpquigl@tycho.nsa.gov>
To: Pasi.Eronen@nokia.com
Date: Tue, 30 Sep 2008 18:17:24 -0400
Cc: saag@ietf.org
Subject: Re: [saag] Content rights management (was: Pasi's AD notes for September 2008)

Small mistake in my wording: I didn't mean to suggest that Pasi is the
one proposing the BOF. I probably should have used something other than
"you".

Dave

On Tue, 2008-09-30 at 18:03 -0400, David P. Quigley wrote:
> It may just be me but this just sounds like you want an environment that
> enforces mandatory access controls and has some sort of MLS or MCS
> policy in place. I am planning a bar BOF for 73 to cover MAC security
> labels and when planning it I was told that you really need a clear set
> of goals that you want to accomplish at the BOF. I didn't see any goals
> published on the saag list for this BOF so I am not quite sure what you
> are trying to accomplish here but it sounds like the same situation you
> find with respect to documents in the military.
> 
> Dave 
> 
> 
> On Wed, 2008-10-01 at 00:52 +0300, Pasi.Eronen@nokia.com wrote:
> > Thomas,
> > 
> > If I remember the history correctly, the IDRM and PERM BOFs were about
> > DRM for copyright enforcement, or managing rights for entertainment 
> > content that is usually publicly available (to anyone who pays). As 
> > you point out, this is an area where several other organizations have 
> > also been active (not very successfully, some folks might say), and 
> > I don't think IETF work in this area would have much chance either.
> > 
> > However, this BOF proposal is about managing rights for *confidential*
> > information (inside an enterprise, or between cooperating enterprises); 
> > some folks are using the term "data-centric security" to mean something 
> > similar.
> > 
> > This topic has received perhaps less attention (although e.g. Microsoft 
> > Office has related features), and there are some differences. For 
> > example, entertainment DRM often considers the user to be the adversary, 
> > but inside an enterprise, most users aren't actively trying to leak 
> > confidential information to competitors.  Also, entertainment DRM is 
> > usually "break once, run anywhere", so if it works only 50% of time, 
> > it's useless -- but preventing 50% of information leaks could be 
> > worthwhile.
> > 
> > Even this kind of "rights management" is a somewhat controversial
> > topic (especially if used outside enterprise scenarios), and personally, 
> > I have some doubts whether we at IETF have the right set of people 
> > (e.g., vendors, potential users, etc.) for this work (and it's not
> > clear what "this work" even is). However, I think the topic is 
> > sufficiently different from entertainment DRM that it might succeed
> > somewhere (even if it turns out IETF wasn't the right place).
> > 
> > Unlike Paul (who replied to you already), I might even consider going 
> > to the bar BOF, if it happens and they have good beer :-) However,
> > I want to clarify that the IETF is *not* proposing anything here -- 
> > a bar BOF is just individuals chatting over drinks.
> > 
> > Best regards,
> > Pasi
> > 
> > > -----Original Message-----
> > > From: ext Thomas Hardjono [mailto:thardjono@yahoo.com] 
> > > Sent: 30 September, 2008 21:28
> > > To: saag@ietf.org; secdir@mit.edu; Eronen Pasi (Nokia-NRC/Helsinki)
> > > Cc: Mark Baugher; thardjono@yahoo.com
> > > Subject: Re: [saag] Pasi's AD notes for September 2008
> > > 
> > > 
> > > 
> > > Pasi, Tim,
> > > 
> > > Apologies for asking, but I was wondering about the proposed 
> > > Content Rights Management (ie. DRM) BOF. More specifically, I 
> > > was wondering if the IETF is now open to discussing such a 
> > > "DRM standard".
> > > 
> > > Back in 2001, Mark Baugher and myself went through two (2) 
> > > BOFs proposing the creation of an IETF open standard for a 
> > > DRM protocol.  If my memory serves me right the presiding ADs 
> > > were Steve Bellovin and Russ Housley. The specific protocol 
> > > was called PERM, and the slides can be found here:
> > > http://hardjono.net/idrm/
> > > 
> > > At that time the outcry against this effort was deafening. I 
> > > was arguing that it was better for the IETF to own such a 
> > > protocol and made it "open" (ie. not proprietary and no 
> > > need to sign consortium legal paperwork). Since that time 
> > > there has been a plethora of DRM related products and 
> > > standards (eg. Apple, MSFT RM, OMA-download, CableLabs, 5C, 
> > > etc, etc). In a sense, the IETF missed the boat on this one.
> > > 
> > > Not that I'm unsupportive, but I was wondering what is 
> > > motivating the IETF to propose such a BOF again at this time :)
> > > 
> > > Thanks.
> > > 
> > > Regards.
> > > 
> > > /thomas/
> > > 
> > > --- On Tue, 9/30/08, Pasi.Eronen@nokia.com 
> > > <Pasi.Eronen@nokia.com> wrote:
> > > 
> > > > From: Pasi.Eronen@nokia.com <Pasi.Eronen@nokia.com>
> > > > Subject: [saag] Pasi's AD notes for September 2008
> > > > To: saag@ietf.org, secdir@mit.edu
> > > > Date: Tuesday, September 30, 2008, 3:21 AM
> > > > Hi all,
> > > > 
> > > > Here's again a short status update about what things
> > > > are going on 
> > > > from my point-of-view. If you notice anything that
> > > > doesn't look
> > > > right, let me know -- miscommunication and mix-ups do
> > > > happen.
> > > > 
> > > > Best regards,
> > > > Pasi
> > > > 
> > > > MISC NOTES
> > > > 
> > > > - There have been two security-related BoF requests for
> > > > IETF73:
> > > >   OAuth (in the applications area), and Content Rights
> > > > Management
> > > >   (in the security area). For the latter, Tim and I have
> > > > recommended 
> > > >   having a bar BoF first. 
> > > > - SecDir mailing list is in the process of being moved from
> > > > mit.edu 
> > > >   to ietf.org servers.
> > > > - I've spent some time this month on tools development
> > > > and IESG
> > > >   process improvements -- nothing is ready yet, but
> > > > hopefully soon..
> > > > 
> > > > WORKING GROUPS
> > > > 
> > > > DKIM
> > > > - draft-ietf-dkim-ssp: in Publication Requested, waiting
> > > > for 
> > > >   me to read it.
> > > > - Waiting for WG to send list of RFC errata IDs the WG
> > > > agrees on.
> > > > 
> > > > EMU
> > > > - draft-ietf-emu-gpsk: in AD Evaluation -- waiting for
> > > > revised 
> > > >   ID that reflects the new WG consensus on MAC length/key
> > > > size 
> > > >   issue before going to IETF last call (since 2008-08-25)
> > > > - A liaison statement reply was sent to ITU-T SG 17
> > > > regarding X.1034, 
> > > >   "Guidelines on EAP-based authentication and key
> > > > management in a 
> > > >   data communication network".
> > > > - IESG appointed Joe Salowey as the designated expert for
> > > > IANA 
> > > >   allocation of EAP Type Codes
> > > > - (not WG item) draft-arkko-eap-aka-kdf is now in IETF
> > > > Last Call
> > > > 
> > > > IPSECME
> > > > - Lots of emails that I need to read (but haven't done
> > > > so yet)
> > > > - (not wearing AD hat) I sent my "things that need to
> > > > be looked at" 
> > > >   list about IKEv2bis to the mailing list; I need to check
> > > > that   
> > > >   they got entered in the issue tracker, too.
> > > > 
> > > > ISMS
> > > > - It seems the discussion has largely converged; I'm
> > > > waiting for
> > > >   revised IDs to read and review.
> > > > 
> > > > KEYPROV
> > > > - I sent more comments regarding PSKC; I need to read the
> > > > replies
> > > >   and participate in discussion.
> > > > - I need to review and comment DSKPP, too.
> > > >   
> > > > SASL
> > > > - I replied to Frank Ellermann's appeal about WG
> > > > chairs' handling 
> > > >   of draft-ietf-sasl-crammd5.
> > > > - Waiting for charter update text from the chairs (>6
> > > > months)
> > > > 
> > > > SYSLOG
> > > > - draft-ietf-syslog-transport-tls: a revised version
> > > > addressing
> > > >   Chris Newman's DISCUSS should be posted in a couple
> > > > of days.
> > > > - draft-ietf-syslog-sign: there has been a bunch of replies
> > > > to my
> > > >   AD evaluation comments that I need to read and process,
> > > > but I 
> > > >   haven't done so yet.
> > > > 
> > > > TLS
> > > > - (not WG item) draft-rescorla-tls-suiteb is now in IETF
> > > > Last Call.
> > > > - (not WG item) draft-hajjeh-tls-identity-protection: IESG
> > > > reviewed
> > > >   this independent submission to the RFC Editor, and
> > > > recommended
> > > >   not publishing it.
> > > > 
> > > > OTHER DOCUMENTS
> > > > 
> > > > - draft-ietf-capwap-*: I've been working with Pat and
> > > > others,
> > > >   and I think we're done (except that agreed text needs
> > > > to be   
> > > >   edited in, and some editorial nits fixed).
> > > > - draft-ietf-avt-rtcpssm: no news; waiting for Joerg to
> > > > explore
> > > >   "feedback debug" messages.
> > > > - draft-santesson-digestbind: I read this and sent comments
> > > > to
> > > >   Stefan.
> > > > - PKCS #1/RFC 3447 update: waiting for James Randall to
> > > > post an
> > > >   update including the various errata.
> > > > - draft-mattsson-srtp-store-and-forward: I've promised
> > > > to read 
> > > >   this and send comments, but haven't done so yet.
> > > > - draft-ietf-mpls-mpls-and-gmpls-security-framework:
> > > > I've promised 
> > > >   to read this once there's a new version.
> > > > - "Security roadmap for routing protocols":
> > > > I've promised to read
> > > >   and comment this once Gregory sends something.
> > > >   
> > > > DISCUSSES (active -- something happened within last month)
> > > > 
> > > > - draft-ietf-capwap-protocol-binding-ieee80211: text
> > > > agreed,
> > > >   waiting for authors to submit a revised ID [since
> > > > 2008-09-26]
> > > > - draft-ietf-lemonade-msgevent: waiting for authors to
> > > > submit
> > > >   a revised ID [since 2008-09-08]
> > > > - draft-ietf-mip6-whyauthdataoption: waiting for authors to
> > > > submit 
> > > >   a revised ID [since 2008-09-08]
> > > > - draft-ietf-mipshop-mstp-solution: the authors have
> > > > replied to  
> > > >   my comments; I need to read the replies [since
> > > > 2008-09-26]
> > > > - draft-ietf-nfsv4-rpcsec-gss-v2: waiting for authors to
> > > >   reply to my comments [since 2008-09-25]
> > > > - draft-ietf-sieve-refuse-reject: waiting for authors to
> > > > reply
> > > >   to my comments [since 2008-09-11]
> > > > - draft-ietf-sipping-race-examples: waiting for document
> > > > shepherd
> > > >   or Jon to comment the "Updates" issue [since
> > > > 2008-09-26]
> > > > - draft-ietf-v6ops-addcon: the changes in version -10 were
> > > > sent
> > > >   to 6MAN WG for review; I'll clear once this has
> > > > happened 
> > > >   [expected to happen on 2008-10-01]
> > > > - draft-mraihi-inch-thraud: version -07 addressed almost
> > > > all of 
> > > >   my comments; waiting for authors to send RFC Editor Note
> > > > text
> > > >   fixing the IANA issue, too [since 2008-09-02]
> > > > 
> > > > DISCUSSES (stalled -- I haven't heard anything from the
> > > > authors 
> > > > or document shepherd for over one month)
> > > > 
> > > > - draft-cain-post-inch-phishingextns: waiting for authors
> > > > to reply 
> > > >   to my comments or submit a revised ID [since 2008-08-28]
> > > > - draft-cam-winget-eap-fast-provisioning: waiting for
> > > > authors to 
> > > >   reply to my comments or submit a revised ID [since
> > > > 2008-08-28]
> > > > - draft-hautakorpi-sipping-uri-list-handling-refused: text
> > > > agreed, 
> > > >   waiting for authors to submit a revised ID [since
> > > > 2008-07-03]
> > > > - draft-ietf-enum-experiences: talked briefly with Jon
> > > > Peterson 
> > > >   in Dublin -- waiting to hear more from the authors and/or
> > > > Jon
> > > >   [since 2008-07-31]
> > > > - draft-ietf-pce-pcep: new version -15 addressed some
> > > > comments from
> > > >   other ADs; some discussions about my comments has
> > > > occurred;
> > > >   waiting for proposed text or revised ID [since
> > > > 2008-06-16]
> > > > - draft-ietf-pwe3-pw-atm-mib: waiting for authors to reply
> > > > to
> > > >   my comments or submit a revised ID [since 2008-07-02]
> > > > - draft-zhou-emu-fast-gtc: changes probably agreed, waiting
> > > > for authors
> > > >   to submit a revised ID to see exact text [since
> > > > 2008-08-28]
> > > > 
> > > > DISCUSSES (presumed dead -- I haven't heard anything
> > > > from the authors
> > > > or document shepherd for over three months)
> > > > 
> > > > - draft-ietf-bfd-base: waiting for authors to reply to my 
> > > >   comments or submit a revised ID [since 2008-06-05]
> > > > - draft-ietf-bfd-multihop: waiting for authors to reply to 
> > > >   my comments or submit a revised ID [since 2008-06-05]
> > > > - draft-ietf-bfd-v4v6-1hop: waiting for authors to reply to
> > > > 
> > > >   my comments or submit a revised ID [since 2008-06-05]
> > > > - draft-ietf-shim6-proto: waiting for Erik to propose
> > > > something 
> > > >   to solve IPsec interaction issue [since 2008-06-18]
> > > > - draft-ietf-simple-imdn: waiting for authors to reply to
> > > > my 
> > > >   comments or submit a revised ID [since 2008-05-14]
> > > > - draft-ietf-sipping-sbc-funcs: new version (-06) addressed
> > > >   all comments except one; text agreed for the remaining
> > > > one,
> > > >   waiting for RFC editor note or revised ID [since
> > > > 2008-06-17]
> > > > - draft-ietf-tsvwg-emergency-rsvp: this document has large 
> > > >   number of discusses/abstains; waiting for Magnus to
> > > > figure
> > > >   out next steps [since 2008-06-03]
> > > > 
> > > > --end--
> > > > _______________________________________________
> > > > saag mailing list
> > > > saag@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/saag