Re: [Smart] Draft Charter For SMART Proposed RG

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 28 September 2018 12:08 UTC

To: Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>, "smart@irtf.org" <smart@irtf.org>
References: <666e3975-9fd7-24a9-57ec-53096b9fda1a@cs.tcd.ie> <MMXP123MB0847AC90F1811721351B22D8D7EC0@MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= xsFNBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABzTJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsLBgAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxM7BTQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAcLBZQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <9e187de0-f816-5c75-8b1f-dc2edc3ea653@cs.tcd.ie>
Date: Fri, 28 Sep 2018 13:08:03 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <MMXP123MB0847AC90F1811721351B22D8D7EC0@MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="nuQFhYDFxS5lYfVQk9Zf3vBOvRbM0mZCM"
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/RLG7_tUEAtpoPF8amdfqepPoS28>
Subject: Re: [Smart] Draft Charter For SMART Proposed RG
Precedence: list

Hiya,

On 28/09/18 12:22, Kirsty P wrote:
> How does something like "will investigate how cyber attack defence
> requirements can be met without weakening the protection afforded by
> encryption" sound to you?
Sounds like a good start. Maybe referring to some relevant IETF BCPs
might be useful (e.g. BCP200, BCP188) and/or the IAB statement [1] on
confidentiality) as being foundational things from which this RG wants
to build?

I think another aspect is also worth a mention - to improve privacy,
we'll also often want to deal with identifiers differently from how
we've done that in the past, e.g. to use identifiers that are less
personally identifying or less stable or to remove them entirely
from some protocols or just not put them in new protocols. And that
creates a different tension between privacy and defence.

As examples - in the case of mail there was a discussion a few years
ago on eliding IP addresses from Received: header fields but even
though that's already done by some large mail service providers,
the idea of standardising that freaked out some anti-spam folks:-)
In the case of DHCP, we ended up developing a privacy-friendly profile
so that e.g. clients don't spew their hostname all the time (RFC7844).

So I'd also suggest adding a bit of text ack'ing that such non-crypto
privacy goals are as valid in the trade space as are desires to know
who're the possible guilty parties for some misbehaviour. And in some
cases the privacy goals may well win out over the defence goal to
know who's doing what.

Note that I'm not suggesting that everyone involved in the putative
RG has to have inhaled all the same fumes as me, but given the tensions
in this space and the history, I think it'd be good if this RG has
explicitly bought in to IETF BCPs, so that anyone who's angling to
modify those knows that that ought be done in/by the IETF and not
via RG activity.

Cheers,
S.

[1]
https://www.iab.org/documents/correspondence-reports-documents/2014-2/iab-statement-on-internet-confidentiality/

PS: I'm deliberately not suggesting specific wording because I think
it's likely better if the words used come from yourself and other folks
proposing this.

Attachment: signature.asc
Attachment: 0x5AB2FAF17B172BEA.asc

[Smart] Draft Charter For SMART Proposed RG Kirsty P
Re: [Smart] Draft Charter For SMART Proposed RG Stephen Farrell
Re: [Smart] Draft Charter For SMART Proposed RG Bret Jordan
Re: [Smart] Draft Charter For SMART Proposed RG Kirsty P
Re: [Smart] Draft Charter For SMART Proposed RG Kirsty P
Re: [Smart] Draft Charter For SMART Proposed RG Stephen Farrell
Re: [Smart] Draft Charter For SMART Proposed RG Kathleen Moriarty
Re: [Smart] Draft Charter For SMART Proposed RG Bret Jordan
Re: [Smart] Draft Charter For SMART Proposed RG David McGrew (mcgrew)
Re: [Smart] Draft Charter For SMART Proposed RG Kathleen Moriarty
Re: [Smart] Draft Charter For SMART Proposed RG David McGrew (mcgrew)
Re: [Smart] Draft Charter For SMART Proposed RG Kirsty P
Re: [Smart] Draft Charter For SMART Proposed RG Bret Jordan
Re: [Smart] Draft Charter For SMART Proposed RG Bret Jordan
Re: [Smart] Draft Charter For SMART Proposed RG Stephen Farrell
Re: [Smart] Draft Charter For SMART Proposed RG Bret Jordan
Re: [Smart] Draft Charter For SMART Proposed RG Bret Jordan
Re: [Smart] Draft Charter For SMART Proposed RG Suresh Ramasubramanian
Re: [Smart] Draft Charter For SMART Proposed RG Stephen Farrell
Re: [Smart] Draft Charter For SMART Proposed RG Kirsty P
Re: [Smart] Draft Charter For SMART Proposed RG David McGrew (mcgrew)
Re: [Smart] Draft Charter For SMART Proposed RG David McGrew (mcgrew)
Re: [Smart] Draft Charter For SMART Proposed RG David McGrew (mcgrew)
Re: [Smart] Draft Charter For SMART Proposed RG Bret Jordan
Re: [Smart] Draft Charter For SMART Proposed RG Arnaud.Taddei.IETF

Re: [Smart] Draft Charter For SMART Proposed RG

Attachment: signature.asc

Attachment: 0x5AB2FAF17B172BEA.asc