Re: [Smart] Draft Charter For SMART Proposed RG

Suresh Ramasubramanian <> Fri, 28 September 2018 23:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 62970130DFC for <>; Fri, 28 Sep 2018 16:55:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id S0pHGb1JYOMm for <>; Fri, 28 Sep 2018 16:55:46 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EEDCB130DBE for <>; Fri, 28 Sep 2018 16:55:45 -0700 (PDT)
Received: by with SMTP id b129-v6so5482033pga.13 for <>; Fri, 28 Sep 2018 16:55:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=j7OrSOx8jkIjK3p6VkJeZDpC3VqEdWKu4P9bMe1SY2w=; b=stlqzFN5oz4xAz6lUtxkqUrbVy55ngGN9OYx9NHfhEPbcNOKEA2/3HfY0QSJkW+vMR FlUX14EmEOE0t2RxA7xRfq/S+UYc0ZUl7QI8kOtgDw1XDTWuMao8SKIGXFTvuB4f6lSr X7AwNqBkXbZrjKia8PD8vv+VT4mSQ1sq0sa2eoqWCaencmPI8OLxBnQxbSnue8Si9cf/ WX3TU8iMXFEtzAZK85osgHYJADp18ZDFgLRJ3508qLOrnHQT8BojZyOj73CC0Q8/8Uo+ tybnzoMRG/GiWuqcrW61wScudDwaKtjl3H66XW7yEihk7PKqkkoM7QV2MQB0gLZHyNjr JsKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=j7OrSOx8jkIjK3p6VkJeZDpC3VqEdWKu4P9bMe1SY2w=; b=qlOEJu1ZTH34I8wfnPzfrfUbzggW0+1oNiE8yQKBzDPxAYHeyipSSHsnC+b4VM7JFx e14BHQe6VX1MSY8Gxd8beUcsd62tk6cjwcGXfYrdfjSVuodSIlZEUHWt2ZDpHTq2ktQj O8WiG+wa0Ldb8tZLV1XmUnQamXJksdvoDf60ssribDzVwmSavFDV3di/0Brlw27smPQj MNiuNrMSs3zPpj8QPCcfY+2xFV3zAwRjczspsc6UBMFHM71FC7Q+VLxxBA7dPYCkTSNN R32eJ428efW8eXRGs7oPOQHOj5N+Wv2bEXx0gHbRryat0xdd97sd6aU56+z8QauQe2xW 61Zw==
X-Gm-Message-State: ABuFfohpoYYkapjm6aDW/sQiD0+GXAN6buS745SfLEg11YeIYgYxTsP+ y6vf/Q1IOAYTYmVdGCTMZmbwoKAL
X-Google-Smtp-Source: ACcGV63ytNBh/IUbXJ+Ge0KCxDYp54aGwk07YZR666cpDeoUp7iRmhmUmdqfOJkCzcYBaaqnXl/AFQ==
X-Received: by 2002:a17:902:a618:: with SMTP id u24-v6mr818401plq.77.1538178944675; Fri, 28 Sep 2018 16:55:44 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id y85-v6sm11170801pfa.170.2018. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Sep 2018 16:55:42 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Suresh Ramasubramanian <>
X-Mailer: iPhone Mail (16B5059d)
In-Reply-To: <>
Date: Sat, 29 Sep 2018 05:25:40 +0530
Cc: Stephen Farrell <>, "" <>, Kathleen Moriarty <>, "David McGrew (mcgrew)" <>, "" <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <MMXP123MB0847E55749751AA12D26DBFAD7150@MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM> <> <> <> <> <> <> <>
To: Bret Jordan <>
Archived-At: <>
Subject: Re: [Smart] Draft Charter For SMART Proposed RG
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Stopping Malware And Researching Threats <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 28 Sep 2018 23:55:48 -0000

May I suggest that this nomenclature discussion be tabled and we go on to examine previous work in this area first so that no wheels are reinvented?  

Or first start with a useful summary of such work and existing approaches?

We already have products in the market from cisco and others that deal with this at a network level examining alternatives to DPI - either look at traffic metadata to fingerprint badness or decrypt and re encrypt data on the fly are two common approaches.

Malware and any other kind of online crime investigation and forensics gets that much harder with bad guys having just as much as or better access to strong encryption and the data anonymization that GDPR provides.

What else?


> On 29-Sep-2018, at 4:29 AM, Bret Jordan <> wrote:
> I respectfully disagree that cyber security is a widely-abused marketing term.  I do agree with you that the “Cloud”, “Hybrid-Cloud” etc are just fancy marketing terms..  If we need to sharpen our pencils to provide some definitions, then lets not argue about it, lets just do it. From my stance, Data Security, Information Security and Cyber Security are very different