Re: [secdir] [Last-Call] Secdir last call review of draft-foudil-securitytxt-08

"Salz, Rich" <rsalz@akamai.com> Sat, 28 December 2019 20:38 UTC

To: Paul Wouters <paul@nohats.ca>
CC: Tero Kivinen <kivinen@iki.fi>, Yakov Shafranovich <yakov@nightwatchcybersecurity.com>, "last-call@ietf.org" <last-call@ietf.org>, "draft-foudil-securitytxt.all@ietf.org" <draft-foudil-securitytxt.all@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/XVt0ypqrNMnzwie-Z1FTtR0wXQ0>

    
>    Putting this information in the same realm you have a security issue with is just not a good idea ...

It depends.  If someone uses the one at openssl.org, will they be reporting an issue in the libraries, the software, the website?  My money's on the first.  Similarly, if there were one at www.akamai.com, how would that be used?

>perfect example of 927

No, seems pretty clear that the others aren't as successful as we want/need.  Whois/rdap?  Who uses that?