Re: [saag] draft-mm-wg-effect-encrypt-03 - Next Steps

<nalini.elkins@insidethestack.com> Tue, 18 October 2016 21:32 UTC

Date: Tue, 18 Oct 2016 21:32:21 +0000
From: nalini.elkins@insidethestack.com
To: Security Area Advisory Group <saag@ietf.org>
Message-ID: <1291206601.2408471.1476826341029@mail.yahoo.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/FksNSD2hmmaPQprfWqa46z83Uag>
Cc: "MORTON ALFRED C (AL)" <acmorton@att.com>
Subject: Re: [saag] draft-mm-wg-effect-encrypt-03 - Next Steps

All,

One thing that occurs to me is that this document is in a sense a "Gap Analysis" document.   It seems to beg the question, "Now what?"  That is, what are the best practices or recommended solutions for the problems or gaps which have been documented?

For example, Section 2: Network Service Provider Monitoring mentions:

"The EFF reported several network service providers taking steps to prevent the use of TLS over SMTP by breaking StartTLS, preventing the negotiation process resulting in fallback to the use of clear text."

So then I wonder, what exactly is going on?   What is it that NSPs are hoping to see in clear text?   Is there more logging required?  A better API?   Do they just not know how to manage their mail servers correctly?

I notice that a new email list was just formed (DLNEX) "to discuss various latency characteristics that can be exposed by network elements or segments and to explore if there are any latency related attributes that can be utilized by upper layer. For example, could there be latency exposure that upper layer can utilize to plan how to distribute their content to the right edges to achieve optimal user experience?"

A very interesting question.  It leads me to wonder if there are other classes of information which need to be exposed (or logged) also?  And then doing so while maintaining privacy & security.  (I am also looking forward to the information that may be provided by the new PLUS WG.)

I wonder if this document, draft-mm-wg-effect-encrypt-03, may be the foundation document for something like a SECOps (Security Operations) group. (As in v6Ops, we discussed best practices and user experiences of IPv6). Maybe we can take each of the topics raised by draft-mm-wg-effect-encrypt-03 and dive more deeply into each one and really discuss the use cases, etc.

Of course, there is work being done in other WGs (ex. PLUS) which may prove to be a solution for some of these problems. But, I really like the operational and topical approach taken by this draft and I wonder if it can be the seminal document for add-on work? And a place to centralize some of these thoughts. But, maybe SAAG is the home for this?

Am I completely out to lunch? Or does this resonate with anyone else?

Thanks,

Nalini Elkins
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360