Re: [saag] Additions to RFC 3631?

"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Thu, 24 May 2012 07:08 UTC

Hi Nico, 

> On Wed, May 23, 2012 at 7:42 AM, Hannes Tschofenig
> <Hannes.Tschofenig@gmx.net> wrote:
> > to me it is not clear who the target audience of the document is and
> > what purpose it serves.
> 
> One target audience would clearly be those who don't wallow in the
> security area.  There's probably an unstated purpose of simple
> advertising, and maybe to have a tool to beat others with (ISTR
> someone trying to argue from absence of some definition in the
> security glossary, that is, using the security glossary as an
> authority).  Perhaps this document can serve as a summary
> applicability statement, say.  There is a risk that we'll all just
> argue endlessly about various details, possibly leading to a bloated
> document.  But it does seem like a nice idea: to have a guide to an
> entire area's past output.
> 
> Nico

I would like to have a more precise target audience and purpose. 

For example, I make a differentiation between someone who actively
participates in the IETF (but in groups outside the security area) and
wants to address security in his or her favorite protocol design vs.
someone who does not even participate in the IETF. For the former group
we have http://tools.ietf.org/html/rfc3552, also the Sunday IETF
education session, potentially the SAAG meeting, various other
IETF-related publications about ongoing security activities (e.g., IPJ). Now,
we also have some privacy-related guidance they can look at
http://tools.ietf.org/html/draft-iab-privacy-considerations-02.
In general, the difficulty is to keep the list of protocols and
recommended best current practice up to date.

If we are, however, talking about engineers outside the IETF who should
also be given guidance about security (since they are supposed to use
IETF protocols as well) then things get a bit more complicated.
Typically, that has not been the audience of our documents. There are,
however, exceptions. Consider for example
http://tools.ietf.org/html/rfc6272 where Fred tried to provide guidance
for those working on smart grids/smart meters and it also includes a
list of protocols that he thought would be relevant for that specific
domain. The writing style is obviously quite different and assumes far
less knowledge about the IETF process and procedures. 

Ciao
Hannes