Re: [Smart] Future of SMART

["Arnaud.Taddei.IETF" <Arnaud.Taddei.IETF@protonmail.com>]

This email is now to reflect on CLESS. I will formalise minutes but need to take a few days off so bare with me.

As announced I proposed to have an open call to discuss the future of CLESS I-D and I prepared slides to support and facilitate this call, see attached (I will look to where to place them in repositories)

The highlights are as below
- 16 people registered and joined and another 9 couldn't make the call but expressed their interest.
- All the proposals were agreed in particular to detach section 5 - Endpoint Model in order to deliver a uniform Attack Surface definition across all endpoints and section 6 - Threat Landscape in order to come over the limits of the MITRE ATT&CK model as 2 separate I-Ds to support CLESS
- We found already one author for the first one as Mark MacFadden and one author for the second one as Simon Edwards and then offline some people asked to join one or the other work
- We discussed several actions (new sections, communication, new production data work, how to incorporate David McGrew's great set of examples on Human Rights attacks, or start an economic section, etc.)
- We believe it will give probably a significant framework for more researchers to join with their specific knowledge on specific 'cells' in the matrix (specific threat landscape
- We heard the shocking news on SMART and discussed for some time that we will seek guidance for how to continue this work in IETF or possibly outside and a few alternatives were expressed
- We (and I) have a number of followup actions as I need to continue specific consultations that are scheduled

So bottom line
- We had a good first call in a good atmosphere with a good group of people
- We are committed to continue
- We have a detailed plan
- We will have at minimum a side meeting in Montreal
- We will discuss our long term future at Montreal and look at ALL alternatives

Again THANK YOU ALL for your support, work and commitment

Hope this helps

Best Regards

Sent with [ProtonMail](https://protonmail.com) Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday 8 June 2019 09:31, Arnaud.Taddei.IETF <Arnaud.Taddei.IETF@protonmail.com> wrote:

> Dear Kirsty and Kathleen, no need to say how shocked I was when I realised the news. This is just not only un-understandable, but simply say, this is outrageous. I would like here to recognise your extreme persistency, professionalism, guidance, neutrality, consensus oriented people and field knowledgeable people with now 2 IRTF leaders who obviously did and are doing all what they can to make us fail.
>
> I would like to know exactly WHO took this decision, which people behind, an exact rationale and clarity on WHY this is a diktat from a group of people and WHY the community has no say and what are the procedures here as unfortunately I don't know the process.
>
> Looking at another forming group in parallel to ours in IETF which is about Security which is suffering the same problem, I strongly backup Diego here and would go much more clear text as it is very clear that the templars of the encryption at IETF are being challenged by the security community on their land and do NOT accept that encryption != security. In other words if they do NOT write themselves the 10 commandments of IETF by themselves, we are just 'tourists' as I can hear from abject plenaries in Bangkok and elsewhere. I can understand too that there is a significant level of obscure dark matter at play behind the scenes.
>
> 25 years ago my boss's boss was Brian Carpenter, my office room neighbour was Tim Berners Lee at CERN, I had the chance to work on IMAP, POP3, SMTP, etc. with Bill Yeager, Mark Crispin, John Myers, Chris Newman, Pete Resnick, Ned Freed and many other fine people doing great engineering work for the community and by community I do not mean 'JUST' the cizitens! All the constituencies of the community including enterprises, governments and others. (BTW if anyone listens, I am very frustrated to not have the time to work on JMAP!)
>
> It is very clear now that if at this level a group of individuals who seem to have an absolute diktat and unbalanced power in the IETF leadership is incapable to accept the debate, then this organization will spiral down as I could hear it is already the case from 2 sessions at the HOT RFC session at Prague. I will reserve myself the possibility to make a specific intervention at the next plenary in Montreal.
>
> This is certainly another serious episode at the worse possible moment for the Internet with geopolitics at play that will lead to a balkanisation on the internet where actually a key nerve in this gordian knot being security.
>
> This is a massive regression for the IETF I am afraid and I will monitor this situation carefully.
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Friday 7 June 2019 19:52, Diego R. Lopez <diego.r.lopez@telefonica.com> wrote:
>
>> Hi Kirsty,
>>
>> Sorry to hear that SMART was not able to break the cybersecurity “glass ceiling” that has been part of the IETF idiosyncrasy for so long time. Looking at the attendance in Prague and the opinions I heard from many people there I had some hope this time would be… Count on me for any further steps.
>>
>> Be goode,
>>
>> --
>>
>> "Esta vez no fallaremos, Doctor Infierno"
>>
>> Dr Diego R. Lopez
>>
>> Telefonica I+D
>>
>> https://www.linkedin.com/in/dr2lopez/
>>
>> e-mail: diego.r.lopez@telefonica.com
>>
>> Tel:         +34 913 129 041
>>
>> Mobile:  +34 682 051 091
>>
>> ----------------------------------
>>
>> On 06/06/2019, 08:24, "Smart on behalf of Kirsty P" <smart-bounces@irtf.org on behalf of Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org> wrote:
>>
>> I'm sorry to say that SMART is not holding a formal meeting at IETF 105 in Montreal; the charter we
>>
>> proposed was not viewed as defining a programme of research activity suitable for the IRTF. Despite
>>
>> the attendance and interest at SMART's previous meeting at IETF 104 in Prague*, acknowledgement that
>>
>> the IETF’s current security threat model is outdated and under-researched, and contributions of
>>
>> new academic research on SMART topics, it has not been possible to secure a formal meeting at IETF
>>
>> 105 as a proposed IRTF RG.
>>
>> We plan to arrange a side-meeting in Montreal to review the drafts currently in development and
>>
>> discuss the way forward.  Work on the CLESS draft and research projects from CARIS2 will continue
>>
>> and the shape they take may guide the decision for a way forward.
>>
>> We will continue to welcome the knowledge and experience of cyber security experts on this list and
>>
>> encourage these experts to attend IETF and IRTF meetings because their expertise is not commonplace
>>
>> there.  This means both assisting with developing drafts towards the goals of SMART and outcomes
>>
>> from CARIS2, but also integrating into working and research groups to assist with security
>>
>> improvements in developing work. For those who are already regular participants in the IRTF, we hope
>>
>> that you will welcome newcomers who are experts in their own field and learn from what they
>>
>> contribute. We encourage experts to post individual drafts on the topic of detecting and mitigating
>>
>> cyber attack threats, and where these drafts have no natural home in the IETF (and struggle to find
>>
>> one), to cross-post to SMART. SMART and its base will still aim to bring the cyber defence viewpoint
>>
>> and expertise into IETF groups more consistently.
>>
>> Finally, a minor success. When I (Kirsty) first attended an IETF meeting, one concerning security
>>
>> aspect that stood out for me was the IETF view of the Internet threat model, which bizarrely doesn't
>>
>> major on the vast scale and variety of cyber attacks we see today. Now there are two drafts
>>
>> discussing this threat model and its need to be updated: draft-arkko-arch-internet-threat-model and
>>
>> draft-farrell-etm. Both drafts start a needed analysis of Internet security, which will need to be
>>
>> supported by robust research. Although the IRTF will not presently support the creation of a RG to
>>
>> stimulate research in this area, the SMART non-working group mailing list can still be a place to
>>
>> bring and share evidence on protocol-enabled attacks.
>>
>> Thank you to everyone who continues to support improving cyber defence on the Internet. We hope that
>>
>> SMART has started enough conversations that, in future, every person who designs a part of the
>>
>> Internet will have a solid knowledge of attack defence. Ultimately, however SMART work happens and
>>
>> whoever leads the effort, the need to improve security and reduce all types of attacks (and not
>>
>> create new ones!) should be the most important priority for the people who design the Internet.
>>
>> Kirsty & Kathleen
>>
>> *We were the 10th most attended session of the week, with 150 people at the meeting and roughly half
>>
>> of the room willing to work on these topics.
>>
>> This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk
>>
>> ---------------------------------------------------------------
>>
>> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.
>>
>> The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
>>
>> Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição