Re: [Smart] Draft Charter For SMART Proposed RG

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 28 September 2018 22:43 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: smart@ietfa.amsl.com
Delivered-To: smart@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBAFE130E07 for <smart@ietfa.amsl.com>; Fri, 28 Sep 2018 15:43:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zHLcLedpuxrN for <smart@ietfa.amsl.com>; Fri, 28 Sep 2018 15:43:33 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB67E127133 for <smart@irtf.org>; Fri, 28 Sep 2018 15:43:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A7E10BE55; Fri, 28 Sep 2018 23:43:29 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KySkM3NBms0q; Fri, 28 Sep 2018 23:43:26 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 31E4FBE51; Fri, 28 Sep 2018 23:43:24 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1538174606; bh=gRDcdxWHL/Xy/PE+Nxm/Pjf6G25ne4/OqaPGpjnGsOg=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=PRjOMK+2wcZNFB0pJhk2nrQ2g4ftSSVVZP+YrS4V3WxWhvpSsZqzrpkkY6Ge//wvu Cn9nXwWzgHjuMRiBX1YKS/Nma5VRYKWxfljViQjKv10VQpn1AaAAx2ELoRdPM5d10D d1pC519H9LNH0bajkLQQK922MAqNjcZBLCGNe+/M=
To: Bret Jordan <jordan.ietf@gmail.com>, "David McGrew (mcgrew)" <mcgrew@cisco.com>
Cc: "smart@irtf.org" <smart@irtf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org" <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>
References: <MMXP123MB0847E55749751AA12D26DBFAD7150@MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM> <B681C76A-CE1F-4C4B-8389-658A01D0E77E@gmail.com> <064F1F53-248C-4BBD-8C2D-59A4F71874DB@cisco.com> <CAHbuEH5hgU0dGn=bcz8zA9Vr3S01W1UpsBH_EiBcD6pzDHLthw@mail.gmail.com> <AFBF879B-7638-4B83-B986-FC12C44753E3@cisco.com> <1C0FF090-9AE0-4D99-8E4D-57893643785C@gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= xsFNBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABzTJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsLBgAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxM7BTQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAcLBZQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <b1d39c5d-4d49-303d-559d-f365d42dd8bc@cs.tcd.ie>
Date: Fri, 28 Sep 2018 23:43:19 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <1C0FF090-9AE0-4D99-8E4D-57893643785C@gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="uIbC9QBhutuXIJBf9Fvdeox6v3C9O4jzV"
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/_7vxvXqe1gbNcoeAmV2vgEqeVLQ>
Subject: Re: [Smart] Draft Charter For SMART Proposed RG
X-BeenThere: smart@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Stopping Malware And Researching Threats <smart.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/smart>, <mailto:smart-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smart/>
List-Post: <mailto:smart@irtf.org>
List-Help: <mailto:smart-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/smart>, <mailto:smart-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Sep 2018 22:43:38 -0000

Hiya,

On 28/09/18 23:21, Bret Jordan wrote:
> I think the use of cyber security and cyber defense are well
> understood in the market 

I'm not sure "the market" is the target readership in this case,
if what we're after is as-stated.

> and I am personally okay with their use.

I'm against the use of ill-defined and widely-abused marketing
terms for things like this where rigour is better. The IETF and
IRTF were, I think, wise to not go along with (ab)uses of the
"cloud" term despite people then claiming that'd be a good plan.
And I think the same applies here.

Anyway, I'd suggest avoiding contentious terms, (the set of
cyberblah terms are I think contentious in this context) and
trying to be precise even if that consumes more words. (Those
are cheap enough I think:-)

Cheers,
S.

> Given the target audience of a lot of these work products, the use of
> cyber* will be more wildly accepted than some of the other terms that
> will just be found to be confusing.
> 
> 
> Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8
> ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however,
> the only thing that can not be unscrambled is an egg."
> 
>> On Sep 28, 2018, at 10:26 AM, David McGrew (mcgrew)
>> <mcgrew@cisco.com> wrote:
>> 
>> Hi Kathleen,
>> 
>> Please see inline:
>> 
>> From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com
>> <mailto:kathleen.moriarty.ietf@gmail.com>> Date: Friday, September
>> 28, 2018 at 12:04 PM To: mcgrew <mcgrew@cisco.com
>> <mailto:mcgrew@cisco.com>> Cc:
>> "Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org
>> <mailto:Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>"
>> <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org
>> <mailto:Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>>, "smart@irtf.org
>> <mailto:smart@irtf.org>" <smart@irtf.org <mailto:smart@irtf.org>> 
>> Subject: Re: [Smart] Draft Charter For SMART Proposed RG
>> 
>>> Hi David,
>>> 
>>> Thank you very much for the detailed feedback.  I have limited
>>> time at the moment, but was the one who helped remove the word
>>> cyber from earlier versions of the charter in an effort to use
>>> terms that are well understood.  Do you have a suggestion that
>>> improves from attack defense, but doesn't include cyber?
>> 
>> 
>> Not off the top of my head, but I agree with the need to use well
>> defined terms, because we hope to engage multiple communities.
>> Perhaps we would be better off defining exactly what we mean.  I
>> had actually looked through RFC4949 for a reference, with no luck.
>> 
>> 
>> Thanks
>> 
>> David
>> 
>> 
>>> Sorry for the top post on very helpful feedback (more on that
>>> later from at least one of us).
>>> 
>>> Glad to see you engaged in the conversation!
>>> 
>>> Best regards, Kathleen
>>> 
>>> 
>>> On Fri, Sep 28, 2018 at 11:49 AM David McGrew (mcgrew)
>>> <mcgrew@cisco.com <mailto:mcgrew@cisco.com>> wrote:
>>>> Hi Kirsty and others,
>>>> 
>>>> Thanks for doing this; I very much like the idea of forming an
>>>> RG that addresses these issues.  An RG where protocol geeks can
>>>> talk to the threat defense community would be goodness.
>>>> 
>>>> Some detailed comments below.   Please don’t misinterpret
>>>> these comments as being negative on the idea of the RG; the
>>>> intent is to refine the charter.
>>>> 
>>>> I like Stephen’s suggestions of making it an explicit goal to
>>>> preserve privacy, and citing BCPs.
>>>> 
>>>> More inline:
>>>> 
>>>>> 
>>>>> On Sep 26, 2018, at 9:36 AM, Kirsty P
>>>>> <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org
>>>>> <mailto:Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>> wrote:
>>>>> 
>>>>>> This is the draft charter for the Proposed Research Group:
>>>>>> Stopping Malware and Researching Threats (SMART). Your
>>>>>> thoughts and suggestions are very welcome - please post to
>>>>>> the list with your comments! - and keep an eye out for a
>>>>>> list of proposed research problems soon...
>>>>>> 
>>>>>> 
>>>>>> # Stopping Malware and Researching Threats (SMART) Proposed
>>>>>> RG - Draft Charter
>>>>>> 
>>>>>> ## BACKGROUND
>>>> 
>>>> The first paragraph below probably should precede the
>>>> Background heading.   I suggest adding a background that
>>>> outlines cybersecurity issues like the cost of data breaches
>>>> and the high time-to-detection.
>>>>>> The Stopping Malware and Researching Threats Research Group
>>>>>> (or SMART RG) will investigate how cyber attack defence
>>>>>> requirements can be met in a world of encrypted data.
>>>> 
>>>> I suggest moving the “world of encrypted data” out of the
>>>> intro sentence, and relegating it to somewhere further down.
>>>> It’s important, but not the only consideration, and we
>>>> don’t want to give people the false impression that the RG is
>>>> about backdoors in crypto or other ulterior motives.  The
>>>> following sentence would be a good opener.
>>>>>> It will research the effects, both positive and negative,
>>>>>> of existing, proposed and newly published protocols and
>>>>>> Internet standards on attack defence.
>>>> 
>>>> I suggest replacing “attack defense” with
>>>> “cybersecurity” throughout, and defining cybersecurity as
>>>> including the security of the information and the computers and
>>>> communication systems.   My thinking here is that we should
>>>> emphasize that SMART is considering the security aspects beyond
>>>> just the communication security of the protocols.  It might be
>>>> worth adding something about how endpoint system security is at
>>>> least as important as protocol/communication security, as it
>>>> doesn’t matter how wise one is about cryptography if the
>>>> attacker can exfiltrate their keys.
>>>> 
>>>> On “negative effects”, what we are most concerned with are
>>>> negative externalities in an economic sense, that is,
>>>> unintended costs or harm that people who design, implement,
>>>> deploy, and operate protocols on the internet can cause to
>>>> others.    It would be good to call this out in the charter.
>>>> It is already best current practice to avoid negative
>>>> externalities in the context of DoS attacks (RFC4732, say), and
>>>> it would be healthy for the internet to have the RG consider
>>>> externalities around other types of threats.  For instance, the
>>>> interaction between IP blacklisting and Tor, as presented by
>>>> Singh et. al. at ANRW 18
>>>> (https://dl.acm.org/citation.cfm?id=3232786&dl=ACM&coll=DL
>>>> <https://dl.acm.org/citation.cfm?id=3232786&dl=ACM&coll=DL>)
>>>> deserves more discussion.
>>>>>> It will gather evidence from information security
>>>>>> practitioners on methods used to defend against attacks and
>>>>>> make this available to protocol designers. As a result,
>>>>>> designers, implementers and users of new protocols will be
>>>>>> better informed about the possible impact on attack
>>>>>> prevention and mitigation.
>>>> 
>>>> I suggest using “protocol designers, implementers, and
>>>> users” throughout, instead of focusing on protocol designers.
>>>> Also, it might be good to think even more broadly here, because
>>>> what network and server operators do (or don’t do) can have
>>>> important effects (e.g. spoofing due to the lack of ingress
>>>> filtering, and vulnerable servers used to launch attacks).
>>>>>> 
>>>>>> 
>>>>>> The IRTF is in a unique position to provide this research
>>>>>> and evidence to the IETF.
>>>> 
>>>> It’s a good idea to focus on research and evidence,
>>>> especially around malicious activity observed on the internet
>>>> or network behaviors seen in malware sandboxes, honeypots, etc.
>>>> 
>>>>>> This research group aims to describe the effect of protocol
>>>>>> changes where relevant and stimulate methodical research
>>>>>> into attack defence methods for new protocols. Protocols
>>>>>> are already rigorously assessed for their security
>>>>>> properties, but ensuring attack defence methods are also
>>>>>> rigorously assessed alongside protocol design changes would
>>>>>> provide a fuller understanding of the value for such
>>>>>> change, enabling a better engineered Internet.
>>>> 
>>>> Instead of “attack defence methods” in the above, I suggest
>>>> something like “impact on cybersecurity”.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> ## AIMS This research group has these major aims: To bring
>>>>>> evidence on attacks and the methods that are or could be
>>>>>> used to defend against them to the attention of the IETF.
>>>> 
>>>> More generally, I think we would like to see research on
>>>> malicious network behavior.
>>>>>> To highlight the attack mitigation impact, both positive
>>>>>> and negative, of new protocols and updates to existing
>>>>>> protocols.
>>>> 
>>>> Instead of “new protocols” I suggest “protocol design,
>>>> deployment, and operation”.
>>>>>> To stimulate and generate research into attack defence
>>>>>> methods for new protocols, and to increase awareness in the
>>>>>> technical community of new and existing methodology for
>>>>>> detecting and mitigating attacks. To provide systematic
>>>>>> guidance to designers of new protocols as to what attack
>>>>>> defence considerations to review, and to inform
>>>>>> implementers by default about the effects of new protocols
>>>>>> on attack defence. To produce problem statements that
>>>>>> describe key issues in cyber security for the group to
>>>>>> research (initial research project ideas are listed
>>>>>> below).
>>>> 
>>>> I suggest putting the problem statements bullet right after the
>>>> first bullet, as the RG should be presenting research findings
>>>> first, then creating problem statements, then proposing
>>>> solutions.
>>>> 
>>>> I think “systematic guidance to designers of new protocols”
>>>> is an ambitious goal.  It would be nice to have the goal
>>>> written in a way that it would be easier to make progress
>>>> against.   It can be difficult for an RG to make timely
>>>> progress, so from the point of view of the process and the IRTF
>>>> chairs and the RG chairs, it would be nice to have some more
>>>> modest or intermediary goals against which headway could be
>>>> made.
>>>> 
>>>> I would like to see a goal like “To stimulate and generate
>>>> research on network protocols and practices that minimize
>>>> impact on third parties” or something like that.
>>>>>> 
>>>>>> ## OUTPUTS The research group plans to create documents
>>>>>> that may include, but are not limited to, the following: 
>>>>>> Internet drafts, some of which may be published through
>>>>>> the IRTF RFC stream. These will include outline problem
>>>>>> statements, use cases, case studies and convey research
>>>>>> results. They will be written for use by other groups to
>>>>>> inform protocol design.
>>>> 
>>>> A nit: we also want drafts whose intended audience are just the
>>>> RG members.   Also, I think it best to say “design,
>>>> deployment, and use”.
>>>>>> Policy papers, for in-depth analysis and discussion of the
>>>>>> relationship between attack defence and the Internet
>>>>>> architecture and protocols. Research papers, containing
>>>>>> quantitative evidence of actual attacks and the success of
>>>>>> defence methods against them, as well as theoretical and
>>>>>> formal analyses of the implications of proposed protocols
>>>>>> on attack defence. Defence methods will be analyzed to
>>>>>> determine if there are ways to optimize in order to better
>>>>>> scale attack detection and mitigation. Survey of current
>>>>>> and historic IETF material to discover existing
>>>>>> deliberations on attack defence. Best practice papers,
>>>>>> describing methodologies that will enable researchers to
>>>>>> conduct experiments and report results that are useful to
>>>>>> designers of protocols. These methodologies will give
>>>>>> descriptions of the effects of protocols on attack defence
>>>>>> backed by evidence from real-world attacks,
>>>>>> laboratory-based testing and theoretical analysis of
>>>>>> protocols, through the analysis lens of attacks, detection
>>>>>> methods and systematic assessment methodologies.
>>>> 
>>>> It is not clear how the papers would relate to the drafts and
>>>> the RFCs.   It is probably best to say that the RG will invite
>>>> presentations and discussions of research, policy, and survey
>>>> papers published elsewhere.   That would help to bring
>>>> researchers and their results into the RG, while still allowing
>>>> them to publish in peer-reviewed venues.
>>>> 
>>>> I suggest having a goal like “Promoting communication between
>>>> the IETF community and the cyber threat defense community,
>>>> through discussions online and in regular meetings”.
>>>> 
>>>> 
>>>>>> Within the first year, the research group aims to: Survey
>>>>>> existing attack detection methods and determine
>>>>>> the relative effectiveness of these methods against
>>>>>> different attack defence threats (e.g. phishing, DDoS,
>>>>>> spambots, C&C, endpoint malware) Publish case studies of
>>>>>> historical attacks and make recommendations where attacks
>>>>>> could have been stopped more quickly, or even prevented 
>>>>>> Publish an Informational RFC, titled: "Important Attack
>>>>>> Defence Considerations for Protocol Design and
>>>>>> Deployment".
>>>>>> 
>>>>>> ## MEMBERSHIP Membership is open to any interested parties
>>>>>> who intend to remain current with the published documents
>>>>>> and mailing list issues. Wide participation from industry,
>>>>>> academia, government and non-profits is encouraged.
>>>> 
>>>> This is really good, thanks again for taking the initiative
>>>> with this.
>>>> 
>>>> Best regards,
>>>> 
>>>> David
>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> This information is exempt under the Freedom of Information
>>>>>> Act 2000 (FOIA) and may be exempt under other UK
>>>>>> information legislation. Refer any FOIA queries to
>>>>>> ncscinfoleg@ncsc.gov.uk <mailto:ncscinfoleg@ncsc.gov.uk>--
>>>>>>  Smart mailing list Smart@irtf.org <mailto:Smart@irtf.org> 
>>>>>> https://www.irtf.org/mailman/listinfo/smart
>>>>>> <https://www.irtf.org/mailman/listinfo/smart>
>>>> -- Smart mailing list Smart@irtf.org <mailto:Smart@irtf.org> 
>>>> https://www.irtf.org/mailman/listinfo/smart
>>>> <https://www.irtf.org/mailman/listinfo/smart>
>>> 
>>> 
>>> --
>>> 
>>> Best regards, Kathleen
>> -- Smart mailing list Smart@irtf.org 
>> https://www.irtf.org/mailman/listinfo/smart
> 
> 
> 
>