Re: [secdir] EU Cyber Security Strategy.

Olaf Kolkman <> Tue, 29 January 2013 09:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A62A421F85BC; Tue, 29 Jan 2013 01:37:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.413
X-Spam-Status: No, score=-102.413 tagged_above=-999 required=5 tests=[AWL=0.186, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CiSVNWptJNkW; Tue, 29 Jan 2013 01:37:06 -0800 (PST)
Received: from ( [IPv6:2001:7b8:206:1::1]) by (Postfix) with ESMTP id 172EE21F84DC; Tue, 29 Jan 2013 01:37:05 -0800 (PST)
Received: from [IPv6:2001:7b8:206:1:ba8d:12ff:fe04:cd14] ([IPv6:2001:7b8:206:1:ba8d:12ff:fe04:cd14]) (authenticated bits=0) by (8.14.5/8.14.4) with ESMTP id r0T9ZVHw030171 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 29 Jan 2013 10:35:32 +0100 (CET) (envelope-from
DKIM-Filter: OpenDKIM Filter v2.7.3 r0T9ZVHw030171
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=default; t=1359452136; bh=GnvgStwm0c0OApQ6UYi+VrhoQ4jNbA1FntpUt+PzhZ0=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=v0I0YvkDYLEiaU5XdOpb18SatbE9x44aGp/S5WqLpXmwNA5Ij5vF4SwJF64uUpt0H 4asTPVSGhUoV5fW9iqHY3azcdAcwbtYzcLscBzZlAXbHFpULNECmV+S760FIeTj+Rj 2w6WBl/iolK0rImSXbe1WXt8X4sxkGUXpRNwYC9I=
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
Content-Type: multipart/alternative; boundary="Apple-Mail=_4F1AA8A0-3CEB-4737-BE84-241146AAFE82"
From: Olaf Kolkman <>
In-Reply-To: <>
Date: Tue, 29 Jan 2013 10:35:36 +0100
Message-Id: <>
References: <> <>
To: Stephen Farrell <>
X-Mailer: Apple Mail (2.1499)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 ( [IPv6:2001:7b8:206:1::53]); Tue, 29 Jan 2013 10:35:36 +0100 (CET)
Cc: IAB IAB <>, Hannes Tschofenig <>,
Subject: Re: [secdir] EU Cyber Security Strategy.
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 29 Jan 2013 09:37:07 -0000

On Jan 28, 2013, at 10:02 PM, Stephen Farrell <> wrote:

> Hi Olaf,
> I think Hannes' answer was right, and there are more security
> related BCPs (e.g. BCP107). Would it help to make a list or
> can you just say there's a bunch of those and here're some
> examples? If the former we can get you a longer list I guess;-)

I am not quite sure what the dynamics in the MSP will be on topics like this and given that the agenda for the Feb 7 meeting is challengingly long I am afraid not much detail will be discussed. Anyhow, the answer from you and Hannes are useful bagage to have in the back pocket.

> And I've a question back to you: might it be useful to have
> some kind of engagement between the IETF security area and
> ENISA and would that be something to bring up in this context?
> If a very light form of that was useful we'd be happy to
> invite some ENISA person(s) to come to a secdir lunch or give
> a talk at a saag session whenever. (Note: I don't mean from
> some known IETFer who's done stuff with ENISA but rather
> someone from ENISA who's not been to an IETF but might
> usefully inhale our fumes;-)

Yes, I think so.

But the MSP is not affiliated with ENISA, Enisa is clearly a different channel. 

That said, with the IETF being in Berlin in summer we have just sufficient time to try and organize something. I think that it is useful to try and engage in conversation if you have a clear goal in mind of what you want to achieve.

For me: Establishing informal contacts and informing about the going ons in the IETF is a reasonable idea.

As for making that go: We have at least one channel into ENISA, but that is at a rather high level that I wouldn't like to use unless there is a solid a plan and some draft agenda (My co-worker knows one of the guys in the management boards).

A brain-fart along the same lines; maybe we could do something 'regional' by inviting members of the MultiStakeHolder platform for a one day tour. With as sole goal to expose them to the IETF and possibly introduce them to some key leadership figures. The impact of such could be a lot of goodwill, although they might also walk away in suprise :-). It would be a way to get a lot of key Standardization people, especially from all countries, exposed to the IETF. Maybe organizing for Berlin is a bit of a challenge (If we were to do it there I think we should gauge interest during the 7 Feb meeting, and I don't think we have a solid idea by then). But London next year? Perhaps linked to an IAB plenary (deadly boring, but probably of relevance).

The last paragraph was me thinking out loud, not thinking things through.


Olaf M. Kolkman

Science Park 400, 1098 XH Amsterdam, The Netherlands