Re: [Smart] Future of SMART

[Henry Story <henry.story@co-operating.systems>]

I am sorry I could not attend the Prague summit, for the simple reason that I
just have used up all my savings, and was working hard to finish my 2nd year 
PhD report which had to be returned on April 1st. I am happy to say it passed.
But I am out of funds.

The part of the thesis relevant to this group comes from a geopolitical observation
that what is missing on the web (and internet) are ways for people to recognise
institutions. In real life we recognize these because these come with buildings
that cannot be built overnight or faked. They are in full public view. On the internet
on the other hand it is easy to do both.

To add that feature to the internet we need an institutional web of trust, 
that allows citizens to recognize their institutions (universities, companies, 
governments, health, etc…) and those of other countries related by diplomatic 
links to their own. 

I gave an outline of how that could work here
"Stopping (https) phishing"
https://medium.com/cybersoton/stopping-https-phishing-42226ca9e7d9

and showed how the same logic used by Abadi for distributed security
could be used for thinking about user interfaces

"Phishing in Context — Epistemology of the screen"
https://medium.com/cybersoton/phishing-in-context-9c84ca451314

If people are interested in helping further work on this please let me know.
It requires both thinking of the internet as in terms of geopolitics, security,
institutions, semantics (and so the semantic web) and insitutions.

This requires one to bring some very different fields together,
and some of them appear in mathematical dual spaces. For example the IETF
works mostly with Protocols, which are coalgebraic, and the W3C with data
that are algebraic. In the thesis I even detail how this distinction created
misunderstandings within the semantic web and linked data community, which
is rather more closely knit.

Anyway, I am up for helping on these projects for anyone with funds.

Sincerely,

	Henry Story

> On 6 Jun 2019, at 08:24, Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org> wrote:
> 
> 
> I'm sorry to say that SMART is not holding a formal meeting at IETF 105 in Montreal; the charter we
> proposed was not viewed as defining a programme of research activity suitable for the IRTF. Despite
> the attendance and interest at SMART's previous meeting at IETF 104 in Prague*, acknowledgement that
> the IETF’s current security threat model is outdated and under-researched, and contributions of
> new academic research on SMART topics, it has not been possible to secure a formal meeting at IETF
> 105 as a proposed IRTF RG. 
> 
> We plan to arrange a side-meeting in Montreal to review the drafts currently in development and
> discuss the way forward.  Work on the CLESS draft and research projects from CARIS2 will continue
> and the shape they take may guide the decision for a way forward.
> 
> We will continue to welcome the knowledge and experience of cyber security experts on this list and
> encourage these experts to attend IETF and IRTF meetings because their expertise is not commonplace
> there.  This means both assisting with developing drafts towards the goals of SMART and outcomes
> from CARIS2, but also integrating into working and research groups to assist with security
> improvements in developing work. For those who are already regular participants in the IRTF, we hope
> that you will welcome newcomers who are experts in their own field and learn from what they
> contribute. We encourage experts to post individual drafts on the topic of detecting and mitigating
> cyber attack threats, and where these drafts have no natural home in the IETF (and struggle to find
> one), to cross-post to SMART. SMART and its base will still aim to bring the cyber defence viewpoint
> and expertise into IETF groups more consistently.
> 
> Finally, a minor success. When I (Kirsty) first attended an IETF meeting, one concerning security
> aspect that stood out for me was the IETF view of the Internet threat model, which bizarrely doesn't
> major on the vast scale and variety of cyber attacks we see today. Now there are two drafts
> discussing this threat model and its need to be updated: draft-arkko-arch-internet-threat-model and
> draft-farrell-etm. Both drafts start a needed analysis of Internet security, which will need to be
> supported by robust research. Although the IRTF will not presently support the creation of a RG to
> stimulate research in this area, the SMART non-working group mailing list can still be a place to
> bring and share evidence on protocol-enabled attacks.
> 
> Thank you to everyone who continues to support improving cyber defence on the Internet. We hope that
> SMART has started enough conversations that, in future, every person who designs a part of the
> Internet will have a solid knowledge of attack defence. Ultimately, however SMART work happens and
> whoever leads the effort, the need to improve security and reduce all types of attacks (and not
> create new ones!) should be the most important priority for the people who design the Internet.
> 
> Kirsty & Kathleen
> 
> 
> *We were the 10th most attended session of the week, with 150 people at the meeting and roughly half
> of the room willing to work on these topics.
> This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk -- 
> Smart mailing list
> Smart@irtf.org
> https://www.irtf.org/mailman/listinfo/smart