Re: [Smart] [Secdispatch] New Version Notification for draft-lazanski-smart-users-internet-00.txt

Bret Jordan <jordan.ietf@gmail.com> Sun, 14 July 2019 16:31 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Date: Sun, 14 Jul 2019 10:30:56 -0600
Cc: Melinda Shore <melinda.shore@nomountain.net>, secdispatch@ietf.org, smart@irtf.org
To: Eliot Lear <lear@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/z_-SyNN3yJqwYId5mnemTvuETSk>

I personally think the biggest value at this stage is awareness and discussion.  So I would love to see this continue as a regular update item for sec dispatch.  I would also love to see regular and multiple side meetings.  I would also love to see SMART get officially chartered. 

I fully understand and get that we in the IETF generally focus on on-the-wire protocols.  However, I think we can design better and more secure solutions once we more completely understand the entire security pie.  Understanding operational security requirements and regulatory compliance requirements is critical for the success of the solutions we create here in the IETF.


Bret 

Sent from my Commodore 128D

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

> On Jul 14, 2019, at 4:56 AM, Eliot Lear <lear@cisco.com> wrote:
> 
> Hi Melinda,
> 
>> We
>> typically deal with wireline protocols and their support
>> structures, and I'm hoping that as the discussions progress
>> people can be clear about what they'd like to see from the
>> IETF.
> 
> I think you’re primarily referring to leaky user databases here.  I agree with you that we cannot fix organizations’ bad internal code with a wireline protocol.  However, to exploit the vulnerability, the attack had to come from somewhere.  We already have one mechanism to address profiling with IoT that manufacturers can use to keep their systems from being exploited as BoTs.  The next question is whether we should be promoting or improving other mechanisms to provide people at home and elsewhere more visibility in terms of what their general purpose computing devices are doing.  I’m thinking of PCP in particular.  And while there may be more we can do, there may also be some limitations relating not only to privacy but also economics of web services.
> 
> What I like about Dominique’s draft is that it gets us thinking in those directions (or at least it did me).
> 
>> 
>> I do think that some of this may be appropriate for opsec,
>> as well, or at least should be called to their attention.
> 
> Or an RG or a side meeting.  It would be fun to continue the discussion.
> 
> Eliot
> 
>> 
>> Melinda
>> 
>> --
>> Melinda Shore
>> melinda.shore@nomountain.net
>> 
>> Software longa, hardware brevis
>> 
>> 
>> 
> 