Re: [saag] Content rights management (was: Pasi's AD notes for September 2008)

Paul Gleichauf <pgleicha@cisco.com> Thu, 02 October 2008 05:57 UTC

From: Paul Gleichauf <pgleicha@cisco.com>
Date: Tue, 30 Sep 2008 15:38:28 -0700
To: Pasi.Eronen@nokia.com
Cc: Paul Gleichauf <pgleicha@cisco.com>, saag@ietf.org
Subject: Re: [saag] Content rights management (was: Pasi's AD notes for September 2008)

The term "data leakage" is often used to describe the management of  
confidential information within and across Enterprises. Such systems  
tend to be preventative in character rather than secure against  
malicious behaviors.

The

On Sep 30, 2008, at 2:52 PM, <Pasi.Eronen@nokia.com> wrote:

> Thomas,
>
> If I remember the history correctly, the IDRM and PERM BOFs were about
> DRM for copyright enforcement, or managing rights for entertainment
> content that is usually publicly available (to anyone who pays). As
> you point out, this is an area where several other organizations have
> also been active (not very successfully, some folks might say), and
> I don't think IETF work in this area would have much chances either.
>
> However, this BOF proposal is about managing rights for *confidential*
> information (inside an enterprise, or between cooperating enterprises);
> some folks are using the term "data-centric security" to mean something
> similar.
>
> This topic has received perhaps less attention (although e.g. Microsoft
> Office has related features), and there are some differences. For
> example, entertainment DRM often considers the user to be the adversary,
> but inside an enterprise, most users aren't actively trying to leak
> confidential information to competitors.  Also, entertainment DRM is
> usually "break once, run anywhere", so if it works only 50% of time,
> it's useless -- but preventing 50% of information leaks could be
> worthwhile.
>
> Even this kind of "rights management" is a somewhat controversial
> topic (especially if used outside enterprise scenarios), and personally,
> I have some doubts whether we at IETF have the right set of people
> (e.g., vendors, potential users, etc.) for this work (and it's not
> clear what "this work" even is). However, I think the topic is
> sufficiently different from entertainment DRM that it might succeed
> somewhere (even if it turns out IETF wasn't the right place).
>
> Unlike Paul (who replied to you already), I might even consider going
> to the bar BOF, if it happens and they have good beer :-) However,
> I want to clarify that the IETF is *not* proposing anything here --
> a bar BOF is just individuals chatting over drinks.
>
> Best regards,
> Pasi
>
>> -----Original Message-----
>> From: ext Thomas Hardjono [mailto:thardjono@yahoo.com]
>> Sent: 30 September, 2008 21:28
>> To: saag@ietf.org; secdir@mit.edu; Eronen Pasi (Nokia-NRC/Helsinki)
>> Cc: Mark Baugher; thardjono@yahoo.com
>> Subject: Re: [saag] Pasi's AD notes for September 2008
>>
>>
>>
>> Pasi, Tim,
>>
>> Apologies for asking, but I was wondering about the proposed
>> Content Rights Management (ie. DRM) BOF. More specifically, I
>> was wondering if the IETF is now open to discussing such a
>> "DRM standard".
>>
>> Back in 2001, Mark Baugher and myself went through two (2)
>> BOFs proposing the creation of an IETF open standards for a
>> DRM protocol.  If my memory serves me right the presiding ADs
>> were Steve Bellovin and Russ Housley. The specific protocol
>> was called PERM, and the slides can be found here:
>> http://hardjono.net/idrm/
>>
>> At that time the outcry against this effort was deafening. I
>> was arguing that it was better for the IETF to own such a
>> protocol and made it "open" (ie. not proprietary and no
>> need to sign consortium legal paperwork). Since that time
>> there has been a plethora of DRM related products and
>> standards (eg. Apple, MSFT RM, OMA-download, CableLabs, 5C,
>> etc, etc). In a sense, the IETF missed the boat on this one.
>>
>> Not that I'm unsupportive, but I was wondering what is
>> motivating the IETF to propose such a BOF again at this time :)
>>
>> Thanks.
>>
>> Regards.
>>
>> /thomas/
>>
>> --- On Tue, 9/30/08, Pasi.Eronen@nokia.com
>> <Pasi.Eronen@nokia.com> wrote:
>>
>>> From: Pasi.Eronen@nokia.com <Pasi.Eronen@nokia.com>
>>> Subject: [saag] Pasi's AD notes for September 2008
>>> To: saag@ietf.org, secdir@mit.edu
>>> Date: Tuesday, September 30, 2008, 3:21 AM
>>>
>>> Hi all,
>>>
>>> Here's again a short status update about what things are going on
>>> from my point-of-view. If you notice anything that doesn't look
>>> right, let me know -- miscommunication and mix-ups do happen.
>>>
>>> Best regards,
>>> Pasi
>>>
>>> MISC NOTES
>>>
>>> - There have been two security-related BoF requests for IETF73:
>>>   OAuth (in the applications area), and Content Rights Management
>>>   (in the security area). For the latter, Tim and I have recommended
>>>   having a bar BoF first.
>>> - SecDir mailing list is in the process of being moved from mit.edu
>>>   to ietf.org servers.
>>> - I've spent some time this month on tools development and IESG
>>>   process improvements -- nothing is ready yet, but hopefully soon..
>>>
>>> WORKING GROUPS
>>>
>>> DKIM
>>> - draft-ietf-dkim-ssp: in Publication Requested, waiting for
>>>   me to read it.
>>> - Waiting for WG to send list of RFC errata IDs the WG agrees on.
>>>
>>> EMU
>>> - draft-ietf-emu-gpsk: in AD Evaluation -- waiting for revised
>>>   ID that reflects the new WG consensus on MAC length/key size
>>>   issue before going to IETF last call (since 2008-08-25)
>>> - A liaison statement reply was sent to ITU-T SG 17 regarding X.1034,
>>>   "Guidelines on EAP-based authentication and key management in a
>>>   data communication network".
>>> - IESG appointed Joe Salowey as the designated expert for IANA
>>>   allocation of EAP Type Codes
>>> - (not WG item) draft-arkko-eap-aka-kdf is now in IETF Last Call
>>>
>>> IPSECME
>>> - Lots of emails that I need to read (but haven't done so yet)
>>> - (not wearing AD hat) I sent my "things that need to be looked at"
>>>   list about IKEv2bis to the mailing list; I need to check that
>>>   they got entered in the issue tracker, too.
>>>
>>> ISMS
>>> - It seems the discussion has largely converged; I'm waiting for
>>>   revised IDs to read and review.
>>>
>>> KEYPROV
>>> - I sent more comments regarding PSKC; I need to read the replies
>>>   and participate in discussion.
>>> - I need to review and comment DSKPP, too.
>>>
>>> SASL
>>> - I replied to Frank Ellermann's appeal about WG chairs' handling
>>>   of draft-ietf-sasl-crammd5.
>>> - Waiting for charter update text from the chairs (>6 months)
>>>
>>> SYSLOG
>>> - draft-ietf-syslog-transport-tls: a revised version addressing
>>>   Chris Newman's DISCUSS should be posted in a couple of days.
>>> - draft-ietf-syslog-sign: there has been a bunch of replies to my
>>>   AD evaluation comments that I need to read and process, but I
>>>   haven't done so yet.
>>>
>>> TLS
>>> - (not WG item) draft-rescorla-tls-suiteb is now in IETF Last Call.
>>> - (not WG item) draft-hajjeh-tls-identity-protection: IESG reviewed
>>>   this independent submission to the RFC Editor, and recommended
>>>   not publishing it.
>>>
>>> OTHER DOCUMENTS
>>>
>>> - draft-ietf-capwap-*: I've been working with Pat and others,
>>>   and I think we're done (except that agreed text needs to be
>>>   edited in, and some editorial nits fixed).
>>> - draft-ietf-avt-rtcpssm: no news; waiting for Joerg to explore
>>>   "feedback debug" messages.
>>> - draft-santesson-digestbind: I read this and sent comments to
>>>   Stefan.
>>> - PKCS #1/RFC 3447 update: waiting for James Randall to post an
>>>   update including the various errata.
>>> - draft-mattsson-srtp-store-and-forward: I've promised to read
>>>   this and send comments, but haven't done so yet.
>>> - draft-ietf-mpls-mpls-and-gmpls-security-framework: I've promised
>>>   to read this once there's a new version.
>>> - "Security roadmap for routing protocols": I've promised to read
>>>   and comment this once Gregory sends something.
>>>
>>> DISCUSSES (active -- something happened within last month)
>>>
>>> - draft-ietf-capwap-protocol-binding-ieee80211: text agreed,
>>>   waiting for authors to submit a revised ID [since 2008-09-26]
>>> - draft-ietf-lemonade-msgevent: waiting for authors to submit
>>>   a revised ID [since 2008-09-08]
>>> - draft-ietf-mip6-whyauthdataoption: waiting for authors to submit
>>>   a revised ID [since 2008-09-08]
>>> - draft-ietf-mipshop-mstp-solution: the authors have replied to
>>>   my comments; I need to read the replies [since 2008-09-26]
>>> - draft-ietf-nfsv4-rpcsec-gss-v2: waiting for authors to
>>>   reply to my comments [since 2008-09-25]
>>> - draft-ietf-sieve-refuse-reject: waiting for authors to reply
>>>   to my comments [since 2008-09-11]
>>> - draft-ietf-sipping-race-examples: waiting for document shepherd
>>>   or Jon to comment the "Updates" issue [since 2008-09-26]
>>> - draft-ietf-v6ops-addcon: the changes in version -10 were sent
>>>   to 6MAN WG for review; I'll clear once this has happened
>>>   [expected to happen on 2008-10-01]
>>> - draft-mraihi-inch-thraud: version -07 addressed almost all of
>>>   my comments; waiting for authors to send RFC Editor Note text
>>>   fixing the IANA issue, too [since 2008-09-02]
>>>
>>> DISCUSSES (stalled -- I haven't heard anything from the authors
>>> or document shepherd for over one month)
>>>
>>> - draft-cain-post-inch-phishingextns: waiting for authors to reply
>>>   to my comments or submit a revised ID [since 2008-08-28]
>>> - draft-cam-winget-eap-fast-provisioning: waiting for authors to
>>>   reply to my comments or submit a revised ID [since 2008-08-28]
>>> - draft-hautakorpi-sipping-uri-list-handling-refused: text agreed,
>>>   waiting for authors to submit a revised ID [since 2008-07-03]
>>> - draft-ietf-enum-experiences: talked briefly with Jon Peterson
>>>   in Dublin -- waiting to hear more from the authors and/or Jon
>>>   [since 2008-07-31]
>>> - draft-ietf-pce-pcep: new version -15 addressed some comments from
>>>   other ADs; some discussions about my comments has occurred;
>>>   waiting for proposed text or revised ID [since 2008-06-16]
>>> - draft-ietf-pwe3-pw-atm-mib: waiting for authors to reply to
>>>   my comments or submit a revised ID [since 2008-07-02]
>>> - draft-zhou-emu-fast-gtc: changes probably agreed, waiting for authors
>>>   to submit a revised ID to see exact text [since 2008-08-28]
>>>
>>> DISCUSSES (presumed dead -- I haven't heard anything from the authors
>>> or document shepherd for over three months)
>>>
>>> - draft-ietf-bfd-base: waiting for authors to reply to my
>>>   comments or submit a revised ID [since 2008-06-05]
>>> - draft-ietf-bfd-multihop: waiting for authors to reply to
>>>   my comments or submit a revised ID [since 2008-06-05]
>>> - draft-ietf-bfd-v4v6-1hop: waiting for authors to reply to
>>>   my comments or submit a revised ID [since 2008-06-05]
>>> - draft-ietf-shim6-proto: waiting for Erik to propose something
>>>   to solve IPsec interaction issue [since 2008-06-18]
>>> - draft-ietf-simple-imdn: waiting for authors to reply to my
>>>   comments or submit a revised ID [since 2008-05-14]
>>> - draft-ietf-sipping-sbc-funcs: new version (-06) addressed
>>>   all comments except one; text agreed for the remaining one,
>>>   waiting for RFC editor note or revised ID [since 2008-06-17]
>>> - draft-ietf-tsvwg-emergency-rsvp: this document has large
>>>   number of discusses/abstains; waiting for Magnus to figure
>>>   out next steps [since 2008-06-03]
>>>
>>> --end--
>>> _______________________________________________
>>> saag mailing list
>>> saag@ietf.org
>>> https://www.ietf.org/mailman/listinfo/saag