Re: [Uta] How can we help app developers and operators FIND the UTA go-to security guides?

Watson Ladd <watsonbladd@gmail.com> Mon, 24 February 2014 16:20 UTC

From: Watson Ladd <watsonbladd@gmail.com>
To: Dan York <york@isoc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/JTsXpOv-HBDlcGyMg_sX3sQdN7M
Cc: "uta@ietf.org" <uta@ietf.org>, Alexey Melnikov <alexey.melnikov@isode.com>, "Orit Levin (LCA)" <oritl@microsoft.com>, Matt Miller <mamille2@cisco.com>

On Mon, Feb 24, 2014 at 8:01 AM, Dan York <york@isoc.org> wrote:
> Orit, Matt and Alexey,
>
>
> On 2/21/14 9:48 AM, "Matt Miller" <mamille2@cisco.com> wrote:
>
>>On 2/21/14, 3:27 AM, Alexey Melnikov wrote:
>>>
>>> On 21 Feb 2014, at 00:37, "Orit Levin (LCA)" <oritl@microsoft.com> wrote:
>>>
>>>> Dan,
>>>>
>>>> I do think that it would be helpful to include UTA in "Deploy360"
>>>> to help spread the word and bring additional knowledgeable
>>>> parties to the table.
>>>>
>>>
>>> Sounds like a good idea to me.
>>>
>>
>>+100
>
> Thanks for the positive feedback... I'll make this happen in the next day
> or so in order to get some advance publicity out there so that we can
> maybe have more people joining the lists and/or tuning in to the UTA
> session remotely.
>
> I'd note again that while we can certainly help get the word out through
> the Deploy360 portal and social media properties, I think this is a
> broader issue that we as a group do need to think about as we get further
> down the path toward publication.  Once we get these go-to security guides
> published as RFCs, how can we help people find them?  (In other words, I
> think it will take more than just one website promoting them.)  Obviously,
> the focus now needs to be on creating the documents and getting the
> documents ready for publishing.

You mean other than having them live as RFCs? I think at some level
those who care will know, and those who don't care, even if they do
know, won't do it. People respond to incentives: advertising can't
change those incentives, and so it's hard to change behavior that way.
But make PCI compliance require one of them, and watch people jump.

Sincerely,
Watson Ladd

>
> See you in London,
> Dan
>
> --
> Dan York
> Senior Content Strategist, Internet Society
> york@isoc.org   +1-802-735-1624
> Jabber: york@jabber.isoc.org
> Skype: danyork   http://twitter.com/danyork
>
> http://www.internetsociety.org/deploy360/



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin