Re: [secdir] EU Cyber Security Strategy.

Hannes Tschofenig <> Mon, 28 January 2013 13:13 UTC

To: Olaf Kolkman <>
Cc: Hannes Tschofenig <>, IAB IAB <>,

The challenge with CyberSecurity (or Internet Security as I call it) is the unclear scope. Depending on your scope, pretty much every security specification in the IETF is relevant.
Of course there are other factors that matter for security that are outside the scope of the IETF. For example, the best security protocol will not help when the software implementation is buggy. 

As an example, you could call RFC 3552 a document that provides "security-by-design guidelines". You could also call the documents from the Messaging Abuse Reporting Format (marf) working group "standards related to information exchange". 


On Jan 28, 2013, at 2:42 PM, Olaf Kolkman wrote:

> Folk,
> This mail is FYI, it may be of business/personal interest to some of you. 
> I have a specific question.
> Context: MSP for ICT St.
> You may or may not be aware that the EU has a Multi Stakeholder Platform for ICT standardization. One of the stakeholders at the table is the IETF/IAB and yours truly is, with Hannes Tschofenig as backup, the representative for the IETF/IAB.
> The platform is chartered to give the Commission advice on all matters standard and to identify standards, developed by fora and consortia, that can be used in public procurement (formally RFCs cannot be referenced in EU procurement: when these folk talk about standards they think ISO, ITU, ETSI etc etc.)
> Specific: EU Cyber Sec Strat.
> What is attached is part of the advice on all matters standard aspect. The document gives a short executive level overview of what the EU intends with its cyber security strategy. The document is FYI mainly.
> However I have one particular bit of information that I need. See the section on "Where do standards come in". I do not think there is any relevant IETF work in this area (info exchange and such) and would like to get guidance if that is a misunderstanding.
> The platform is having its 3rd meeting 7 Feb.
> <04420Brief20on20Cybersecurity20Strategy20and.pdf>
> NLnet
> Labs
> Olaf M. Kolkman
> Science Park 400, 1098 XH Amsterdam, The Netherlands