IETF Logo Mail Archive

[Smart] Future of SMART

Kirsty P <Kirsty.p@ncsc.gov.uk> Thu, 06 June 2019 06:24 UTC

Return-Path: <Kirsty.p@ncsc.gov.uk>
X-Original-To: smart@ietfa.amsl.com
Delivered-To: smart@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D034120182 for <smart@ietfa.amsl.com>; Wed, 5 Jun 2019 23:24:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DbIAEqfrQhMB for <smart@ietfa.amsl.com>; Wed, 5 Jun 2019 23:24:10 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-eopbgr110108.outbound.protection.outlook.com [40.107.11.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C6F812015A for <smart@irtf.org>; Wed, 5 Jun 2019 23:24:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/WcpEH/HRiziSkk4D3bK4V4SpaXMvyIR0ksVe5zW+GU=; b=BCnGXc+yXHSRfpX4e1eJL35K2P41iMumP1Q5s65S7f7UBLfb9hPyasQ0P9KYsc0aPtyiFPEbU4NzT8vK1Fl919XgGg+vcpofCMWfS53rR5K4MdcVGujJEdkf/leXBb2RQh0RelJzd9OqiHtJo6vyXwMgJDCgC+w+ZRaIYRcivjI=
Received: from LO2P123MB1727.GBRP123.PROD.OUTLOOK.COM (20.176.156.14) by LO2P123MB1728.GBRP123.PROD.OUTLOOK.COM (20.176.154.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1965.12; Thu, 6 Jun 2019 06:24:06 +0000
Received: from LO2P123MB1727.GBRP123.PROD.OUTLOOK.COM ([fe80::745c:3ae7:33ae:8ccf]) by LO2P123MB1727.GBRP123.PROD.OUTLOOK.COM ([fe80::745c:3ae7:33ae:8ccf%7]) with mapi id 15.20.1965.011; Thu, 6 Jun 2019 06:24:06 +0000
From: Kirsty P <Kirsty.p@ncsc.gov.uk>
To: "smart@irtf.org" <smart@irtf.org>
Thread-Topic: Future of SMART
Thread-Index: AQHVG9wC9vmEs7pjO0OLvUS74G5zkA==
Date: Thu, 06 Jun 2019 06:24:06 +0000
Message-ID: <LO2P123MB1727FB15DA8EEA46AF433D73D7160@LO2P123MB1727.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kirsty.p@ncsc.gov.uk;
x-originating-ip: [51.140.78.31]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 21749eeb-487a-420d-1853-08d6ea4793bd
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:LO2P123MB1728;
x-ms-traffictypediagnostic: LO2P123MB1728:
x-microsoft-antispam-prvs: <LO2P123MB1728DC17F0F3C50014C038E6D7170@LO2P123MB1728.GBRP123.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 00603B7EEF
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(136003)(346002)(366004)(39840400004)(396003)(189003)(199004)(5660300002)(86362001)(316002)(72206003)(7696005)(256004)(71190400001)(14454004)(14444005)(478600001)(2351001)(66066001)(6116002)(3846002)(52536014)(486006)(2501003)(2906002)(6436002)(74482002)(73956011)(476003)(53936002)(66946007)(6916009)(7116003)(71200400001)(8936002)(75922002)(66574012)(25786009)(3480700005)(54896002)(55016002)(186003)(5640700003)(26005)(55236004)(6506007)(33656002)(99286004)(66556008)(9686003)(76116006)(102836004)(68736007)(66476007)(7736002)(64756008)(74316002)(66446008)(81166006)(8676002)(81156014)(1730700003); DIR:OUT; SFP:1102; SCL:1; SRVR:LO2P123MB1728; H:LO2P123MB1727.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ncsc.gov.uk does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: /S5EjkZPzDlO3Bb6G6aVG/uDktEfcrJMkKiHbUb1z4bcS/74ARcaTsmZcGrlQ9nKh24Ha3Vf7nhoGknSrv3yskdVyec0bAOjQ1UX3EnB5v9ZshPam5SocsVC+QeftDWkcL/MeD9Lqa+X+AFl8nK0XIj+JujgNb88RPq8yeA64/sz4xXugUlXjK6sKvrPzQkiZJAcJAKQa2yfgHb4jwzPFpItdnepI36VMm5G30ahnJhxb6BPe/9cC7TfhIJfuhq1KMKj1NKK3FdiMJb8lidtNCMqFqgu1LVyRsX23HOhkRTnLUeANvuKupjLHPbGnhflX+DO41W7AM2EqobRLRSNe/hPcAqD9blJyET7T/y8R25aGeu2f7kZzSSQ0p2rv+bq7RRoYxzKde1U60zOr7FeY4u9hXnW/c9UgZCGEbdp3Ns=
Content-Type: multipart/alternative; boundary="_000_LO2P123MB1727FB15DA8EEA46AF433D73D7160LO2P123MB1727GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: 21749eeb-487a-420d-1853-08d6ea4793bd
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jun 2019 06:24:06.0955 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kirsty62596@ncsc.gov.uk
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P123MB1728
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/BjRXl0W9q4Ve5r3YLDqLzkgndfI>
Subject: [Smart] Future of SMART
X-BeenThere: smart@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Stopping Malware And Researching Threats <smart.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/smart>, <mailto:smart-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smart/>
List-Post: <mailto:smart@irtf.org>
List-Help: <mailto:smart-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/smart>, <mailto:smart-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jun 2019 06:24:12 -0000

I'm sorry to say that SMART is not holding a formal meeting at IETF 105 in Montreal; the charter we
proposed was not viewed as defining a programme of research activity suitable for the IRTF. Despite
the attendance and interest at SMART's previous meeting at IETF 104 in Prague*, acknowledgement that
the IETF’s current security threat model is outdated and under-researched, and contributions of
new academic research on SMART topics, it has not been possible to secure a formal meeting at IETF
105 as a proposed IRTF RG.

We plan to arrange a side-meeting in Montreal to review the drafts currently in development and
discuss the way forward.  Work on the CLESS draft and research projects from CARIS2 will continue
and the shape they take may guide the decision for a way forward.

We will continue to welcome the knowledge and experience of cyber security experts on this list and
encourage these experts to attend IETF and IRTF meetings because their expertise is not commonplace
there.  This means both assisting with developing drafts towards the goals of SMART and outcomes
from CARIS2, but also integrating into working and research groups to assist with security
improvements in developing work. For those who are already regular participants in the IRTF, we hope
that you will welcome newcomers who are experts in their own field and learn from what they
contribute. We encourage experts to post individual drafts on the topic of detecting and mitigating
cyber attack threats, and where these drafts have no natural home in the IETF (and struggle to find
one), to cross-post to SMART. SMART and its base will still aim to bring the cyber defence viewpoint
and expertise into IETF groups more consistently.

Finally, a minor success. When I (Kirsty) first attended an IETF meeting, one concerning security
aspect that stood out for me was the IETF view of the Internet threat model, which bizarrely doesn't
major on the vast scale and variety of cyber attacks we see today. Now there are two drafts
discussing this threat model and its need to be updated: draft-arkko-arch-internet-threat-model and
draft-farrell-etm. Both drafts start a needed analysis of Internet security, which will need to be
supported by robust research. Although the IRTF will not presently support the creation of a RG to
stimulate research in this area, the SMART non-working group mailing list can still be a place to
bring and share evidence on protocol-enabled attacks.

Thank you to everyone who continues to support improving cyber defence on the Internet. We hope that
SMART has started enough conversations that, in future, every person who designs a part of the
Internet will have a solid knowledge of attack defence. Ultimately, however SMART work happens and
whoever leads the effort, the need to improve security and reduce all types of attacks (and not
create new ones!) should be the most important priority for the people who design the Internet.

Kirsty & Kathleen


*We were the 10th most attended session of the week, with 150 people at the meeting and roughly half
of the room willing to work on these topics.
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk

v2.23.0 | Report a Bug | By Email