Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Bret Jordan <jordan.ietf@gmail.com> Mon, 15 July 2019 14:50 UTC

Return-Path: <jordan.ietf@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6014B12016B for <secdispatch@ietfa.amsl.com>; Mon, 15 Jul 2019 07:50:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eC_WuVP-HThw for <secdispatch@ietfa.amsl.com>; Mon, 15 Jul 2019 07:50:22 -0700 (PDT)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E095B120116 for <Secdispatch@ietf.org>; Mon, 15 Jul 2019 07:50:22 -0700 (PDT)
Received: by mail-pg1-x52d.google.com with SMTP id u17so7828412pgi.6 for <Secdispatch@ietf.org>; Mon, 15 Jul 2019 07:50:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=JLPuo2OVxed6SkGZsCOFYnhf0veQ4fefMur2lkQpciM=; b=ldmdXjXcf2DPsKcE2hmNoJDIg5VwpAhyiUlSUI7bMfU6RKa8D5szTCnEfCSjFSULKQ 6dV/RuMHHSyJP/9T8JCWGiclm3jcv3nE7cWgpm4s9E71BBgmj2SHuZ5R+HgrjJc2DLfl 9TmA4GSWlq4D2Opse8jiksQON4UXnXneg/8s9vwc8JB2bLK4bvgHQoO1+h9vjvXiosmW 0J+6PAk7o2anpW4kafad59PwREx4nsJ+FKqFVzHji9ePcbaRHf7X+QFqKV/qb2KnjZKw DzNOTsPllKh7C9PmDnQxZQv+la6cgm0fVzLAPAjCU3DDJuDvIZkLTSDk0iflbkqUI4LK BSdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=JLPuo2OVxed6SkGZsCOFYnhf0veQ4fefMur2lkQpciM=; b=clnoFFlQC/GYrILBjlZaSusl8dFRTFQGwW+6LcwXMRKuK4Lg7ZkP5ROXTr/wyQQkjJ lddJgZdbUF3pCnQh11UsKT5+E7b2TAWv/fOQs8qqT5Wz8n6jGc17YZ4NYHc1C+t2XaTV WyU+i18uztm3NPvMbpH3HrXiUZ4vIWYwvMcl+xLd6FfdkwAScS04ixJzsIhb/b+9nNYO hRkNDskvBDNG0IEMX9iFEBIOkgsvfkhrWOjvcxe8acTlpYmL3Vd+Xe/rcYsp8LJkjIjx K7eB6pK4ww6Qb0MmUxo3J52CJJcBZceGLWjUeN7SbuzBWuWtiMLpXM0eHdz6q8dPSV6m db7Q==
X-Gm-Message-State: APjAAAVNDfCDS4ZgXTFQ8Mv+gTk+10wcrnl2EA3tHXwHvjZpyqz5kk/Y lKVcEw8z1u84+OFL3bZU9yI=
X-Google-Smtp-Source: APXvYqw1erdgq9mZ0LM3FxbCjrIMTtsCaBjfm+74+b0MWItfoJJcdhdbvDlL3ZEczBQdHorBKviZ7g==
X-Received: by 2002:a63:7358:: with SMTP id d24mr27355311pgn.224.1563202222445; Mon, 15 Jul 2019 07:50:22 -0700 (PDT)
Received: from ?IPv6:2605:a601:a990:4d00:c449:d519:8ae0:afe7? ([2605:a601:a990:4d00:c449:d519:8ae0:afe7]) by smtp.gmail.com with ESMTPSA id p19sm21872629pfn.99.2019.07.15.07.50.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 15 Jul 2019 07:50:21 -0700 (PDT)
From: Bret Jordan <jordan.ietf@gmail.com>
Message-Id: <B0DB25BD-9187-410E-8561-4A35422F3591@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8E2B2E27-5B60-40A3-9A94-FAF44A31223A"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Mon, 15 Jul 2019 08:50:18 -0600
In-Reply-To: <CAHbuEH4E2Q6WhCpHvbwBqLQFFusXp0Rp6ozuaW4twN6=mBd5Hw@mail.gmail.com>
Cc: Eliot Lear <lear@cisco.com>, smart@irtf.org, Eric Rescorla <ekr@rtfm.com>, Dominique Lazanski <dml@lastpresslabel.com>, IETF SecDispatch <Secdispatch@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
References: <0A8948DB-F97C-4F68-9173-7E627FB5019C@lastpresslabel.com> <4B10655B-8753-4B10-ACC9-16D7F78AD9F9@gmail.com> <CAMm+Lwh3KW6ZBbMktwmLcKyY8=_ysLYJF_7MsAuiOat6baQ=Kg@mail.gmail.com> <B551EF79-7E6E-4C4E-ADCA-6538F7972222@gmail.com> <CAMm+Lwg+2RFiXK43nJv7pD3OgM8y=ziVYxBkXD3F2kJyz37SxQ@mail.gmail.com> <50E59504-CA00-4792-AA72-FC08051E2486@gmail.com> <CAHbuEH5WUv-a4nKt5YAZosO-vE773Jh3xn1+-hA=4J7RBERc3g@mail.gmail.com> <78ccb680-9ccb-f13f-0442-02833cc7cc92@cs.tcd.ie> <CABcZeBNwmitpkJn0fCbNHOJtJ25yXdk6i6U9wK0a-9hwK1Tqcw@mail.gmail.com> <D484DBE1-8136-42C6-882C-307DC48E06DE@cisco.com> <CABcZeBPrhs+UmWgEu7M8g_6j3+Yzp0+wkz0_OTtvnuUmCUFwSw@mail.gmail.com> <F17D1910-38B1-4919-8C67-E8902C155099@cisco.com> <CAHbuEH4E2Q6WhCpHvbwBqLQFFusXp0Rp6ozuaW4twN6=mBd5Hw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/pflOrm89iR-brwpUNJkSR3Z9JQU>
Subject: Re: [Secdispatch] [Smart] New Version Notification for draft-lazanski-smart-users-internet-00.txt
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 14:50:25 -0000

Kathleen,


> I do think there is work for the IRTF as well and would like to see that encouraged.  The shift to strong encryption is good, but upends the current security management models for many.

This is one of the points I made during my talk at RSA.  These technologies by themselves, are all really great.  The problem comes is when you start using all of them together.  To the naive comment earlier that this is about vendors trying to sell product, no, this is about network and cyber defenders and SoC analysts trying to do their job. There are things like regulatory compliance that organizations and enterprises are required to follow. Some times I feel like we are so worried about one piece of the security pie, that we completely neglect the others. 

Here in the IETF everyone needs to better understand how SoC analysts and network/cyber defenders do their jobs, what they are asked to do, and what tools are available to them. 

Bret