IETF Logo Mail Archive

Re: [Smart] Future of SMART

"Arnaud.Taddei.IETF" <Arnaud.Taddei.IETF@protonmail.com> Sat, 08 June 2019 07:31 UTC

Return-Path: <Arnaud.Taddei.IETF@protonmail.com>
X-Original-To: smart@ietfa.amsl.com
Delivered-To: smart@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7E81120131 for <smart@ietfa.amsl.com>; Sat, 8 Jun 2019 00:31:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_WORDY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i9RZr5trDia3 for <smart@ietfa.amsl.com>; Sat, 8 Jun 2019 00:31:27 -0700 (PDT)
Received: from mail1.protonmail.ch (mail1.protonmail.ch [185.70.40.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C97C12002E for <smart@irtf.org>; Sat, 8 Jun 2019 00:31:25 -0700 (PDT)
Date: Sat, 08 Jun 2019 07:31:21 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1559979082; bh=Gyrb9dEiCVvhCIr+MGWz90xDJWYS//gUJ/Kniwbxeb0=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References: Feedback-ID:From; b=Z0wuxCW8EWWLkNJ0oL8D+ZjHE2p6UEUT2ROf9OufTtWheL0ZVx4UEXgE+gRIXVuus 0aFRXaHjp35vTbJvcehkzaY0ERmIGD0zzpzC5x3IbOPfKtaADgbGD8SB6oRq2VASEN JfjbJgIGG4XhK8Bq3nHauTIm7xM9hfOLvkGNMZjw=
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
From: "Arnaud.Taddei.IETF" <Arnaud.Taddei.IETF@protonmail.com>
Cc: Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>, "smart@irtf.org" <smart@irtf.org>
Reply-To: "Arnaud.Taddei.IETF" <Arnaud.Taddei.IETF@protonmail.com>
Message-ID: <TvfzYanZeApB0qDNS9TiyFOkzGjYl2zpllLt23BONykMIg_oFWmslR4RKKlt8fzK3KVPthYPs0r0T8h83HRskEgOnMrFn2Ixrf9vXe_5-IY=@protonmail.com>
In-Reply-To: <EFC3FB41-DCC4-4082-9897-60F6B7C00BBC@telefonica.com>
References: <EFC3FB41-DCC4-4082-9897-60F6B7C00BBC@telefonica.com>
Feedback-ID: kou6vaSHQeY5dgFN9dCIYKo4z6hnnNmKuV4IBJw2wx4vSVPtftyhWUTBigri6zMJ3K1hxYJjI-3RAIGaizMt5g==:Ext:ProtonMail
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_4559db079714f2dfa042194694bf33d1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/Ivl7o0ZpbKxTNPWPQPZ5LilTZwg>
Subject: Re: [Smart] Future of SMART
X-BeenThere: smart@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Stopping Malware And Researching Threats <smart.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/smart>, <mailto:smart-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smart/>
List-Post: <mailto:smart@irtf.org>
List-Help: <mailto:smart-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/smart>, <mailto:smart-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jun 2019 07:31:31 -0000

Dear Kirsty and Kathleen, no need to say how shocked I was when I realised the news. This is just not only un-understandable, but simply say, this is outrageous. I would like here to recognise your extreme persistency, professionalism, guidance, neutrality, consensus oriented people and field knowledgeable people with now 2 IRTF leaders who obviously did and are doing all what they can to make us fail.

I would like to know exactly WHO took this decision, which people behind, an exact rationale and clarity on WHY this is a diktat from a group of people and WHY the community has no say and what are the procedures here as unfortunately I don't know the process.

Looking at another forming group in parallel to ours in IETF which is about Security which is suffering the same problem, I strongly backup Diego here and would go much more clear text as it is very clear that the templars of the encryption at IETF are being challenged by the security community on their land and do NOT accept that encryption != security. In other words if they do NOT write themselves the 10 commandments of IETF by themselves, we are just 'tourists' as I can hear from abject plenaries in Bangkok and elsewhere. I can understand too that there is a significant level of obscure dark matter at play behind the scenes.

25 years ago my boss's boss was Brian Carpenter, my office room neighbour was Tim Berners Lee at CERN, I had the chance to work on IMAP, POP3, SMTP, etc. with Bill Yeager, Mark Crispin, John Myers, Chris Newman, Pete Resnick, Ned Freed and many other fine people doing great engineering work for the community and by community I do not mean 'JUST' the cizitens! All the constituencies of the community including enterprises, governments and others. (BTW if anyone listens, I am very frustrated to not have the time to work on JMAP!)

It is very clear now that if at this level a group of individuals who seem to have an absolute diktat and unbalanced power in the IETF leadership is incapable to accept the debate, then this organization will spiral down as I could hear it is already the case from 2 sessions at the HOT RFC session at Prague. I will reserve myself the possibility to make a specific intervention at the next plenary in Montreal.

This is certainly another serious episode at the worse possible moment for the Internet with geopolitics at play that will lead to a balkanisation on the internet where actually a key nerve in this gordian knot being security.

This is a massive regression for the IETF I am afraid and I will monitor this situation carefully.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday 7 June 2019 19:52, Diego R. Lopez <diego.r.lopez@telefonica.com> wrote:

> Hi Kirsty,
>
> Sorry to hear that SMART was not able to break the cybersecurity “glass ceiling” that has been part of the IETF idiosyncrasy for so long time. Looking at the attendance in Prague and the opinions I heard from many people there I had some hope this time would be… Count on me for any further steps.
>
> Be goode,
>
> --
>
> "Esta vez no fallaremos, Doctor Infierno"
>
> Dr Diego R. Lopez
>
> Telefonica I+D
>
> https://www.linkedin.com/in/dr2lopez/
>
> e-mail: diego.r.lopez@telefonica.com
>
> Tel:         +34 913 129 041
>
> Mobile:  +34 682 051 091
>
> ----------------------------------
>
> On 06/06/2019, 08:24, "Smart on behalf of Kirsty P" <smart-bounces@irtf.org on behalf of Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org> wrote:
>
> I'm sorry to say that SMART is not holding a formal meeting at IETF 105 in Montreal; the charter we
>
> proposed was not viewed as defining a programme of research activity suitable for the IRTF. Despite
>
> the attendance and interest at SMART's previous meeting at IETF 104 in Prague*, acknowledgement that
>
> the IETF’s current security threat model is outdated and under-researched, and contributions of
>
> new academic research on SMART topics, it has not been possible to secure a formal meeting at IETF
>
> 105 as a proposed IRTF RG.
>
> We plan to arrange a side-meeting in Montreal to review the drafts currently in development and
>
> discuss the way forward.  Work on the CLESS draft and research projects from CARIS2 will continue
>
> and the shape they take may guide the decision for a way forward.
>
> We will continue to welcome the knowledge and experience of cyber security experts on this list and
>
> encourage these experts to attend IETF and IRTF meetings because their expertise is not commonplace
>
> there.  This means both assisting with developing drafts towards the goals of SMART and outcomes
>
> from CARIS2, but also integrating into working and research groups to assist with security
>
> improvements in developing work. For those who are already regular participants in the IRTF, we hope
>
> that you will welcome newcomers who are experts in their own field and learn from what they
>
> contribute. We encourage experts to post individual drafts on the topic of detecting and mitigating
>
> cyber attack threats, and where these drafts have no natural home in the IETF (and struggle to find
>
> one), to cross-post to SMART. SMART and its base will still aim to bring the cyber defence viewpoint
>
> and expertise into IETF groups more consistently.
>
> Finally, a minor success. When I (Kirsty) first attended an IETF meeting, one concerning security
>
> aspect that stood out for me was the IETF view of the Internet threat model, which bizarrely doesn't
>
> major on the vast scale and variety of cyber attacks we see today. Now there are two drafts
>
> discussing this threat model and its need to be updated: draft-arkko-arch-internet-threat-model and
>
> draft-farrell-etm. Both drafts start a needed analysis of Internet security, which will need to be
>
> supported by robust research. Although the IRTF will not presently support the creation of a RG to
>
> stimulate research in this area, the SMART non-working group mailing list can still be a place to
>
> bring and share evidence on protocol-enabled attacks.
>
> Thank you to everyone who continues to support improving cyber defence on the Internet. We hope that
>
> SMART has started enough conversations that, in future, every person who designs a part of the
>
> Internet will have a solid knowledge of attack defence. Ultimately, however SMART work happens and
>
> whoever leads the effort, the need to improve security and reduce all types of attacks (and not
>
> create new ones!) should be the most important priority for the people who design the Internet.
>
> Kirsty & Kathleen
>
> *We were the 10th most attended session of the week, with 150 people at the meeting and roughly half
>
> of the room willing to work on these topics.
>
> This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk
>
> ---------------------------------------------------------------
>
> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.
>
> The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
>
> Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição

v2.23.0 | Report a Bug | By Email