IETF Logo Mail Archive

Re: [Smart] [Secdispatch] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Bret Jordan <jordan.ietf@gmail.com> Mon, 15 July 2019 00:45 UTC

Return-Path: <jordan.ietf@gmail.com>
X-Original-To: smart@ietfa.amsl.com
Delivered-To: smart@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 716BA12018D for <smart@ietfa.amsl.com>; Sun, 14 Jul 2019 17:45:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id owfEvbcK4sis for <smart@ietfa.amsl.com>; Sun, 14 Jul 2019 17:45:25 -0700 (PDT)
Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B43C12010C for <smart@irtf.org>; Sun, 14 Jul 2019 17:45:25 -0700 (PDT)
Received: by mail-pg1-x536.google.com with SMTP id l21so6868773pgm.3 for <smart@irtf.org>; Sun, 14 Jul 2019 17:45:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=gyoGR8Vw+tWFHlSz5+QiQ4kpvJ/bOGeNbks2BNstQSU=; b=oXm42KdhX7CY96ozikbQ2Z5KzAN2JSFN8A2qAzvat+UXxoFGbq7ZVkB3i62nLAHfaQ h0e/QX9Sn9hWLaQXPftmH5VVSsou7UiTwgB/8EhA0pOjBSiKnSjfMwo2ZLo/CuOYtlLn 1RTBLhQINyJdrzmUliCZcpdmwordA3H9ykX5fd3d1EJ//e6Cr/EnOvHNjYkTdZ1X3/Nj BYixkbb3YXn+b1dIyuYlI9gFoOotzGTkcngNmL2WgA/od0FaI81b+X4Ol9KOr7Hz408+ cnXROZ1L0sNAW37gNBEisf190KH/WcVzYjkcCqC2752qB8I7NFUyq/g/vKMzHAVtLLbW sKsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=gyoGR8Vw+tWFHlSz5+QiQ4kpvJ/bOGeNbks2BNstQSU=; b=QltxdlnC1L/XeNQ8wgoidY24Qj73R3JlmNG6eHoHOMjxFiOrVR4BhzYMvSDopdsrvU MPgXE6VFZrC+6satalLb3cndnCSJxxjtfaCDPwJOv701xK6Rw+UDYgsuuKqdxT4HVglg Y1+zXD6gUNOCiR/gFSgHQmdtdIy8Hib/J1qYLxA7qv9qmAag3tZkp5xyGgZVW89Pw8pT XMS63ccEu3lVW/bjYZ65sxLcjcJpjptwrYDLpPDnIt0IRdnZIJXV0hUOpKv9utSJvs90 uNDSkJanutrVJn4LMU+AM9ZJbWvm86OPdvgJNU3vQX+MC9q9/LGM+2G4ZeetS44zGIcu jLuA==
X-Gm-Message-State: APjAAAXz/heI1fwbwFXGbVfanUCNJrH6IoNFxFkooBbtpFFDSI6uv2U6 CKhsfRS6nxOwA3+sr0CCAo4=
X-Google-Smtp-Source: APXvYqymkA/GonY23/ji9lkTi1ZmoPlR4IV5VGQ6oPEm62OUKbGXn5H+e4TeQFTUo+JBflfRV7rIOQ==
X-Received: by 2002:a17:90a:5806:: with SMTP id h6mr25488907pji.126.1563151524648; Sun, 14 Jul 2019 17:45:24 -0700 (PDT)
Received: from ?IPv6:2605:a601:a990:4d00:6893:ce36:fd8f:62a0? ([2605:a601:a990:4d00:6893:ce36:fd8f:62a0]) by smtp.gmail.com with ESMTPSA id k36sm16589396pgl.42.2019.07.14.17.45.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 14 Jul 2019 17:45:23 -0700 (PDT)
From: Bret Jordan <jordan.ietf@gmail.com>
Message-Id: <E826FFCF-2F43-4816-9A45-CB876567CECE@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_89C7521D-F535-4D79-BC7F-913F8135617D"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sun, 14 Jul 2019 18:45:21 -0600
In-Reply-To: <CABcZeBOd9YM04OiY1BLw+YTn6FZKVg7PczLMggnowLjPo=k5Lg@mail.gmail.com>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, smart@irtf.org, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Dominique Lazanski <dml@lastpresslabel.com>, IETF SecDispatch <Secdispatch@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Eric Rescorla <ekr@rtfm.com>
References: <0A8948DB-F97C-4F68-9173-7E627FB5019C@lastpresslabel.com> <4B10655B-8753-4B10-ACC9-16D7F78AD9F9@gmail.com> <CAMm+Lwh3KW6ZBbMktwmLcKyY8=_ysLYJF_7MsAuiOat6baQ=Kg@mail.gmail.com> <B551EF79-7E6E-4C4E-ADCA-6538F7972222@gmail.com> <CAMm+Lwg+2RFiXK43nJv7pD3OgM8y=ziVYxBkXD3F2kJyz37SxQ@mail.gmail.com> <50E59504-CA00-4792-AA72-FC08051E2486@gmail.com> <CAHbuEH5WUv-a4nKt5YAZosO-vE773Jh3xn1+-hA=4J7RBERc3g@mail.gmail.com> <78ccb680-9ccb-f13f-0442-02833cc7cc92@cs.tcd.ie> <CABcZeBNwmitpkJn0fCbNHOJtJ25yXdk6i6U9wK0a-9hwK1Tqcw@mail.gmail.com> <CAMm+Lwim0UK9YOO0vh+O0eOCQjZgsPQLdFZFQgsbpxpFNZChrA@mail.gmail.com> <CABcZeBOd9YM04OiY1BLw+YTn6FZKVg7PczLMggnowLjPo=k5Lg@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/GR8hKDEz3PxLdsaUme1QWUZWw1U>
Subject: Re: [Smart] [Secdispatch] New Version Notification for draft-lazanski-smart-users-internet-00.txt
X-BeenThere: smart@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Stopping Malware And Researching Threats <smart.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/smart>, <mailto:smart-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smart/>
List-Post: <mailto:smart@irtf.org>
List-Help: <mailto:smart-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/smart>, <mailto:smart-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 00:45:27 -0000

Hello,


> Hmm... restricting the requirements according to what problems we think we know how to solve seems to be a bit of a systematic problem in the industry. 
> 
> Without taking the position on the industry as a whole, the E in IETF stands for "engineering", so I think trying to solve problems we know how to solve is prudent. As the list of things we know how to solve increases, then we ought to attempt to solve those as well.
> 

Yes, but first we need to make sure we have the open discussions in a congenial manner.  We also need to full understand what is needed by operational security to prevent threat actors and intrusion sets from destroying their networks, users, systems, and data.  

There are many good eco-systems that have very advanced security engineers in them, we should work with them and communicate with them. It would be good for some of us from the IETF to go to these groups and explain what we are working on, why we are working on it, and then ask for feedback from their perspective.  

I believe a document written by the IETF that talks more plainly about the whole security pie, and what parts the IETF is going to try and work on, would be helpful.  We can not boil the ocean.  Further, some parts are better solved outside of the IETF.  We just need to make sure the things we do, do not make other elements of operational security impossible. 

Bret

v2.23.0 | Report a Bug | By Email