Re: [saag] Content rights management (was: Pasi's AD notes for September 2008)

"David P. Quigley" <dpquigl@tycho.nsa.gov> Tue, 30 September 2008 22:22 UTC

From: "David P. Quigley" <dpquigl@tycho.nsa.gov>
To: Pasi.Eronen@nokia.com
Date: Tue, 30 Sep 2008 18:03:49 -0400
Cc: saag@ietf.org
Subject: Re: [saag] Content rights management (was: Pasi's AD notes for September 2008)

It may just be me but this just sounds like you want an environment that
enforces mandatory access controls and has some sort of MLS or MCS
policy in place. I am planning a bar BOF for 73 to cover MAC security
labels and when planning it I was told that you really need a clear set
of goals that you want to accomplish at the BOF. I didn't see any goals
published on the saag list for this BOF so I am not quite sure what you
are trying to accomplish here but it sounds like the same situation you
find with respect to documents in the military.

Dave 


On Wed, 2008-10-01 at 00:52 +0300, Pasi.Eronen@nokia.com wrote:
> Thomas,
> 
> If I remember the history correctly, the IDRM and PERM BOFs were about
> DRM for copyright enforcement, or managing rights for entertainment 
> content that is usually publicly available (to anyone who pays). As 
> you point out, this is an area where several other organizations have 
> also been active (not very successfully, some folks might say), and 
> I don't think IETF work in this area would have much chance either.
> 
> However, this BOF proposal is about managing rights for *confidential*
> information (inside an enterprise, or between cooperating enterprises); 
> some folks are using the term "data-centric security" to mean something 
> similar.
> 
> This topic has received perhaps less attention (although e.g. Microsoft 
> Office has related features), and there are some differences. For 
> example, entertainment DRM often considers the user to be the adversary, 
> but inside an enterprise, most users aren't actively trying to leak 
> confidential information to competitors.  Also, entertainment DRM is 
> usually "break once, run anywhere", so if it works only 50% of the time, 
> it's useless -- but preventing 50% of information leaks could be 
> worthwhile.
> 
> Even this kind of "rights management" is a somewhat controversial
> topic (especially if used outside enterprise scenarios), and personally, 
> I have some doubts whether we at IETF have the right set of people 
> (e.g., vendors, potential users, etc.) for this work (and it's not
> clear what "this work" even is). However, I think the topic is 
> sufficiently different from entertainment DRM that it might succeed
> somewhere (even if it turns out IETF wasn't the right place).
> 
> Unlike Paul (who replied to you already), I might even consider going 
> to the bar BOF, if it happens and they have good beer :-) However,
> I want to clarify that the IETF is *not* proposing anything here -- 
> a bar BOF is just individuals chatting over drinks.
> 
> Best regards,
> Pasi
> 
> > -----Original Message-----
> > From: ext Thomas Hardjono [mailto:thardjono@yahoo.com] 
> > Sent: 30 September, 2008 21:28
> > To: saag@ietf.org; secdir@mit.edu; Eronen Pasi (Nokia-NRC/Helsinki)
> > Cc: Mark Baugher; thardjono@yahoo.com
> > Subject: Re: [saag] Pasi's AD notes for September 2008
> > 
> > 
> > 
> > Pasi, Tim,
> > 
> > Apologies for asking, but I was wondering about the proposed 
> > Content Rights Management (ie. DRM) BOF. More specifically, I 
> > was wondering if the IETF is now open to discussing such a 
> > "DRM standard".
> > 
> > Back in 2001, Mark Baugher and myself went through two (2) 
> > BOFs proposing the creation of an IETF open standard for a 
> > DRM protocol.  If my memory serves me right the presiding ADs 
> > were Steve Bellovin and Russ Housley. The specific protocol 
> > was called PERM, and the slides can be found here:
> > http://hardjono.net/idrm/
> > 
> > At that time the outcry against this effort was deafening. I 
> > was arguing that it was better for the IETF to own such a 
> > protocol and make it "open" (ie. not proprietary and no 
> > need to sign consortium legal paperwork). Since that time 
> > there has been a plethora of DRM related products and 
> > standards (eg. Apple, MSFT RM, OMA-download, CableLabs, 5C, 
> > etc, etc). In a sense, the IETF missed the boat on this one.
> > 
> > Not that I'm unsupportive, but I was wondering what is 
> > motivating the IETF to propose such a BOF again at this time :)
> > 
> > Thanks.
> > 
> > Regards.
> > 
> > /thomas/
> > 
> > --- On Tue, 9/30/08, Pasi.Eronen@nokia.com 
> > <Pasi.Eronen@nokia.com> wrote:
> > 
> > > From: Pasi.Eronen@nokia.com <Pasi.Eronen@nokia.com>
> > > Subject: [saag] Pasi's AD notes for September 2008
> > > To: saag@ietf.org, secdir@mit.edu
> > > Date: Tuesday, September 30, 2008, 3:21 AM
> > > Hi all,
> > > 
> > > Here's again a short status update about what things are going on
> > > from my point-of-view. If you notice anything that doesn't look
> > > right, let me know -- miscommunication and mix-ups do happen.
> > > 
> > > Best regards,
> > > Pasi
> > > 
> > > MISC NOTES
> > > 
> > > - There have been two security-related BoF requests for IETF73:
> > >   OAuth (in the applications area), and Content Rights Management
> > >   (in the security area). For the latter, Tim and I have recommended
> > >   having a bar BoF first.
> > > - SecDir mailing list is in the process of being moved from mit.edu
> > >   to ietf.org servers.
> > > - I've spent some time this month on tools development and IESG
> > >   process improvements -- nothing is ready yet, but hopefully soon..
> > > 
> > > WORKING GROUPS
> > > 
> > > DKIM
> > > - draft-ietf-dkim-ssp: in Publication Requested, waiting for
> > >   me to read it.
> > > - Waiting for WG to send list of RFC errata IDs the WG agrees on.
> > > 
> > > EMU
> > > - draft-ietf-emu-gpsk: in AD Evaluation -- waiting for revised
> > >   ID that reflects the new WG consensus on MAC length/key size
> > >   issue before going to IETF last call (since 2008-08-25)
> > > - A liaison statement reply was sent to ITU-T SG 17 regarding X.1034,
> > >   "Guidelines on EAP-based authentication and key management in a
> > >   data communication network".
> > > - IESG appointed Joe Salowey as the designated expert for IANA
> > >   allocation of EAP Type Codes
> > > - (not WG item) draft-arkko-eap-aka-kdf is now in IETF Last Call
> > > 
> > > IPSECME
> > > - Lots of emails that I need to read (but haven't done so yet)
> > > - (not wearing AD hat) I sent my "things that need to be looked at"
> > >   list about IKEv2bis to the mailing list; I need to check that
> > >   they got entered in the issue tracker, too.
> > > 
> > > ISMS
> > > - It seems the discussion has largely converged; I'm waiting for
> > >   revised IDs to read and review.
> > > 
> > > KEYPROV
> > > - I sent more comments regarding PSKC; I need to read the replies
> > >   and participate in discussion.
> > > - I need to review and comment DSKPP, too.
> > > 
> > > SASL
> > > - I replied to Frank Ellermann's appeal about WG chairs' handling
> > >   of draft-ietf-sasl-crammd5.
> > > - Waiting for charter update text from the chairs (>6 months)
> > > 
> > > SYSLOG
> > > - draft-ietf-syslog-transport-tls: a revised version addressing
> > >   Chris Newman's DISCUSS should be posted in a couple of days.
> > > - draft-ietf-syslog-sign: there has been a bunch of replies to my
> > >   AD evaluation comments that I need to read and process, but I
> > >   haven't done so yet.
> > > 
> > > TLS
> > > - (not WG item) draft-rescorla-tls-suiteb is now in IETF Last Call.
> > > - (not WG item) draft-hajjeh-tls-identity-protection: IESG reviewed
> > >   this independent submission to the RFC Editor, and recommended
> > >   not publishing it.
> > > 
> > > OTHER DOCUMENTS
> > > 
> > > - draft-ietf-capwap-*: I've been working with Pat and others,
> > >   and I think we're done (except that agreed text needs to be
> > >   edited in, and some editorial nits fixed).
> > > - draft-ietf-avt-rtcpssm: no news; waiting for Joerg to explore
> > >   "feedback debug" messages.
> > > - draft-santesson-digestbind: I read this and sent comments to
> > >   Stefan.
> > > - PKCS #1/RFC 3447 update: waiting for James Randall to post an
> > >   update including the various errata.
> > > - draft-mattsson-srtp-store-and-forward: I've promised to read
> > >   this and send comments, but haven't done so yet.
> > > - draft-ietf-mpls-mpls-and-gmpls-security-framework: I've promised
> > >   to read this once there's a new version.
> > > - "Security roadmap for routing protocols": I've promised to read
> > >   and comment this once Gregory sends something.
> > > 
> > > DISCUSSES (active -- something happened within last month)
> > > 
> > > - draft-ietf-capwap-protocol-binding-ieee80211: text agreed,
> > >   waiting for authors to submit a revised ID [since 2008-09-26]
> > > - draft-ietf-lemonade-msgevent: waiting for authors to submit
> > >   a revised ID [since 2008-09-08]
> > > - draft-ietf-mip6-whyauthdataoption: waiting for authors to submit
> > >   a revised ID [since 2008-09-08]
> > > - draft-ietf-mipshop-mstp-solution: the authors have replied to
> > >   my comments; I need to read the replies [since 2008-09-26]
> > > - draft-ietf-nfsv4-rpcsec-gss-v2: waiting for authors to
> > >   reply to my comments [since 2008-09-25]
> > > - draft-ietf-sieve-refuse-reject: waiting for authors to reply
> > >   to my comments [since 2008-09-11]
> > > - draft-ietf-sipping-race-examples: waiting for document shepherd
> > >   or Jon to comment the "Updates" issue [since 2008-09-26]
> > > - draft-ietf-v6ops-addcon: the changes in version -10 were sent
> > >   to 6MAN WG for review; I'll clear once this has happened
> > >   [expected to happen on 2008-10-01]
> > > - draft-mraihi-inch-thraud: version -07 addressed almost all of
> > >   my comments; waiting for authors to send RFC Editor Note text
> > >   fixing the IANA issue, too [since 2008-09-02]
> > > 
> > > DISCUSSES (stalled -- I haven't heard anything from the authors
> > > or document shepherd for over one month)
> > > 
> > > - draft-cain-post-inch-phishingextns: waiting for authors to reply
> > >   to my comments or submit a revised ID [since 2008-08-28]
> > > - draft-cam-winget-eap-fast-provisioning: waiting for authors to
> > >   reply to my comments or submit a revised ID [since 2008-08-28]
> > > - draft-hautakorpi-sipping-uri-list-handling-refused: text agreed,
> > >   waiting for authors to submit a revised ID [since 2008-07-03]
> > > - draft-ietf-enum-experiences: talked briefly with Jon Peterson
> > >   in Dublin -- waiting to hear more from the authors and/or Jon
> > >   [since 2008-07-31]
> > > - draft-ietf-pce-pcep: new version -15 addressed some comments from
> > >   other ADs; some discussions about my comments has occurred;
> > >   waiting for proposed text or revised ID [since 2008-06-16]
> > > - draft-ietf-pwe3-pw-atm-mib: waiting for authors to reply to
> > >   my comments or submit a revised ID [since 2008-07-02]
> > > - draft-zhou-emu-fast-gtc: changes probably agreed, waiting for authors
> > >   to submit a revised ID to see exact text [since 2008-08-28]
> > > 
> > > DISCUSSES (presumed dead -- I haven't heard anything from the authors
> > > or document shepherd for over three months)
> > > 
> > > - draft-ietf-bfd-base: waiting for authors to reply to my
> > >   comments or submit a revised ID [since 2008-06-05]
> > > - draft-ietf-bfd-multihop: waiting for authors to reply to
> > >   my comments or submit a revised ID [since 2008-06-05]
> > > - draft-ietf-bfd-v4v6-1hop: waiting for authors to reply to
> > >   my comments or submit a revised ID [since 2008-06-05]
> > > - draft-ietf-shim6-proto: waiting for Erik to propose something
> > >   to solve IPsec interaction issue [since 2008-06-18]
> > > - draft-ietf-simple-imdn: waiting for authors to reply to my
> > >   comments or submit a revised ID [since 2008-05-14]
> > > - draft-ietf-sipping-sbc-funcs: new version (-06) addressed
> > >   all comments except one; text agreed for the remaining one,
> > >   waiting for RFC editor note or revised ID [since 2008-06-17]
> > > - draft-ietf-tsvwg-emergency-rsvp: this document has large
> > >   number of discusses/abstains; waiting for Magnus to figure
> > >   out next steps [since 2008-06-03]
> > > 
> > > --end--
> > > _______________________________________________
> > > saag mailing list
> > > saag@ietf.org
> > > https://www.ietf.org/mailman/listinfo/saag