Re: [Trans] Fw: Re: WGLC started for draft-ietf-trans-threat-analysis

Stephen Kent <s@zerho.info> Thu, 24 May 2018 16:06 UTC

To: Ryan Sleevi <ryan-ietf@sleevi.com>
From: Stephen Kent <s@zerho.info>
Cc: Trans <trans@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/lW5ZhfW5nxCTnygA3x4garQZwRE>

Ryan,

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On May 21, 2018 2:40 PM, Ryan Sleevi <ryan-ietf@sleevi.com> wrote:

> Thanks for the replies, Stephen.
>
> Given the disagreements in interpretation and application of 6962-bis, it sounds like this document should not progress until we've resolved those matters in 6962-bis. Does that sound like a reasonable path forward?

Yes, but I will post a new version of the threat doc with all of the changes I promised to make in my replies to David and Andrew.

> I don't feel comfortable that this document describes the running code, and I'm hesitant to believe we'll get rough consensus because of it, so that might be a worthwhile path forward here.

Unfortunately, 6962-bis completed WGLC over 6 months ago, so it had the consensus of the WG at that time, as determined by the chairs.

> Given the issues Andrew has pointed out, which I'm largely agreeing with or contextualizing, would you feel comfortable proposing changes to 6962-bis on areas you feel it disagrees with the feedback, or is that something that you would feel more confident if Andrew and I do? If they are accepted, would you feel comfortable making these changes to the threat document?

I proposed numerous changes to 6962-bis over a several year interval. A few were adopted but many were not, e.g., the definition of the Monitor function. 6962-bis never defined mis-issuance, nor does it provide a concise characterization of the broad purpose of CT. I included these things in the threat analysis (and in some docs that were not adopted by the WG). If 6962-bis were revised to address these omissions, the threat analysis doc would be revised accordingly. But, you need to get the WG chairs and the cognizant AD (EKR) to agree to make such changes to 6962-bis at this very late stage.

> As it stands, I don't feel like the threat document is reflective of intent or practice, and that leaves me a bit concerned about its general utility for future readers.

The analyses in the threat doc are based primarily on what 6962-bis says re how CT will operate. Intent is not clearly stated in several areas and, from what you and Rob have said, it may not reflect practice either. But, those issues are for the authors of 6962-bis to address, not me.

Steve