The On Sep 30, 2008, at Sep 30, 20082:52 PM, <Pasi.Eronen at nokia.com> wrote:
Thomas, If I remember the history correctly, the IDRM and PERM BOFs were about DRM for copyright enforcement, or managing rights for entertainment content that is usually publicly available (to anyone who pays). As you point out, this is an area where several other organizations have also been active (not very successfully, some folks might say), and I don't think IETF work in this area would have much chances either. However, this BOF proposal is about managing rights for *confidential*information (inside an enterprise, or between cooperating enterprises); some folks are using the term "data-centric security" to mean somethingsimilar.This topic has received perhaps less attention (although e.g. MicrosoftOffice has related features), and there are some differences. Forexample, entertainment DRM often considers the user to be the adversary,but inside an enterprise, most users aren't actively trying to leak confidential information to competitors. Also, entertainment DRM is usually "break once, run anywhere", so if it works only 50% of time, it's useless -- but preventing 50% of information leaks could be worthwhile. Even this kind of "rights management" is a somewhat controversialtopic (especially if used outside enterprise scenarios), and personally,I have some doubts whether we at IETF have the right set of people (e.g., vendors, potential users, etc.) for this work (and it's not clear what "this work" even is). However, I think the topic is sufficiently different from entertainment DRM that it might succeed somewhere (even if it turns out IETF wasn't the right place). Unlike Paul (who replied to you already), I might even consider going to the bar BOF, if it happens and they have good beer :-) However, I want to clarify that the IETF is *not* proposing anything here -- a bar BOF is just individuals chatting over drinks. Best regards, Pasi-----Original Message----- From: ext Thomas Hardjono [mailto:thardjono at yahoo.com] Sent: 30 September, 2008 21:28 To: saag at ietf.org; secdir at mit.edu; Eronen Pasi (Nokia-NRC/Helsinki) Cc: Mark Baugher; thardjono at yahoo.com Subject: Re: [saag] Pasi's AD notes for September 2008 Pasi, Tim, Apologies for asking, but I was wondering about the proposed Content Rights Management (ie. DRM) BOF. More specifically, I was wondering if the IETF is now open to discussing such a "DRM standard". Back in 2001, Mark Baugher and myself went through two (2) BOFs proposing the creation of an IETF open standards for a DRM protocol. If my memory serves me right the presiding ADs was Steve Bellovin and Russ Housley. The specific protocol was called PERM, and the slides can be found here: http://hardjono.net/idrm/ At that time the outcry against this effort was deafening. I was arguing that it was better for the IETF to own such a protocol and made it it "open" (ie. not proprietary and no need to sign consortium legal paperwork). Since that time there has been a plethora of DRM related products and standards (eg. Apple, MSFT RM, OMA-download, CableLabs, 5C, etc, etc). In a sense, the IETF missed the boat on this one. Not that I'm unsupportive, but I was wondering what is motivating the IETF to propose such a BOF again at this time :) Thanks. Regards. /thomas/ --- On Tue, 9/30/08, Pasi.Eronen at nokia.com <Pasi.Eronen at nokia.com> wrote:From: Pasi.Eronen at nokia.com <Pasi.Eronen at nokia.com> Subject: [saag] Pasi's AD notes for September 2008 To: saag at ietf.org, secdir at mit.edu Date: Tuesday, September 30, 2008, 3:21 AM Hi all, Here's again a short status update about what things are going on from my point-of-view. If you notice anything that doesn't look right, let me know -- miscommunication and mix-ups do happen. Best regards, Pasi MISC NOTES - There have been two security-related BoF requests for IETF73: OAuth (in the applications area), and Content Rights Management (in the security area). For the latter, Tim and I have recommended having a bar BoF first. - SecDir mailing list is in the process of being moved from mit.edu to ietf.org servers. - I've spent some time this month on tools development and IESG process improvements -- nothing is ready yet, but hopefully soon.. WORKING GROUPS DKIM - draft-ietf-dkim-ssp: in Publication Requested, waiting for me to read it. - Waiting for WG to send list of RFC errata IDs the WG agrees on. EMU - draft-ietf-emu-gpsk: in AD Evaluation -- waiting for revised ID that reflects the new WG consensus on MAC length/key size issue before going to IETF last call (since 2008-08-25) - A liaison statement reply was sent to ITU-T SG 17 regarding X.1034, "Guidelines on EAP-based authentication and key management in a data communication network". - IESG appointed Joe Salowey as the designated expert for IANA allocation of EAP Type Codes - (not WG item) draft-arkko-eap-aka-kdf ís now in IETF Last Call IPSECME - Lots of emails that I need to read (but haven't done so yet) - (not wearing AD hat) I sent my "things that need to be looked at" list about IKEv2bis to the mailing list; I need to check that they got entered in the issue tracker, too. ISMS - It seems the discussion has largely converged; I'm waiting for revised IDs to read and review. KEYPROV - I sent more comments regarding PSKC; I need to read the replies and participate in discussion. - I need to review and comment DSKPP, too. SASL - I replied to Frank Ellermann's appeal about WG chairs' handling of draft-ietf-sasl-crammd5. - Waiting for charter update text from the chairs (>6 months) SYSLOG - draft-ietf-syslog-transport-tls: a revised version addressing Chris Newman's DISCUSS should be posted in a couple of days. - draft-ietf-syslog-sign: there has been a bunch of replies to my AD evaluation comments that I need to read and process, but I haven't done so yet. TLS - (not WG item) draft-rescorla-tls-suiteb is now in IETF Last Call. - (not WG item) draft-hajjeh-tls-identity-protection: IESG reviewed this independent submission to the RFC Editor, and recommended not publishing it. OTHER DOCUMENTS - draft-ietf-capwap-*: I've been working with Pat and others, and I think we're done (except that agreed text needs to be edited in, and some editorial nits fixed). - draft-ietf-avt-rtcpssm: no news; waiting for Joerg to explore "feedback debug" messages. - draft-santesson-digestbind: I read this and sent comments to Stefan. - PKCS #1/RFC 3447 update: waiting for James Randall to post an update including the various errata. - draft-mattsson-srtp-store-and-forward: I've promised to read this and send comments, but haven't done so yet. - draft-ietf-mpls-mpls-and-gmpls-security-framework: I've promised to read this once there's a new version. - "Security roadmap for routing protocols": I've promised to read and comment this once Gregory sends something. DISCUSSES (active -- something happened within last month) - draft-ietf-capwap-protocol-binding-ieee80211: text agreed, waiting for authors to submit a revised ID [since 2008-09-26] - draft-ietf-lemonade-msgevent: waiting for authors to submit a revised ID [since 2008-09-08] - draft-ietf-mip6-whyauthdataoption: waiting for authors to submit a revised ID [since 2008-09-08] - draft-ietf-mipshop-mstp-solution: the authors have replied to my comments; I need to read the replies [since 2008-09-26] - draft-ietf-nfsv4-rpcsec-gss-v2: waiting for authors to reply to my comments [since 2008-09-25] - draft-ietf-sieve-refuse-reject: waiting for authors to reply to my comments [since 2008-09-11] - draft-ietf-sipping-race-examples: waiting for document shepherd or Jon to comment the "Updates" issue [since 2008-09-26] - draft-ietf-v6ops-addcon: the changes in version -10 were sent to 6MAN WG for review; I'll clear once this has happened [expected to happen on 2008-10-01] - draft-mraihi-inch-thraud: version -07 addressed almost all of my comments; waiting for authors to send RFC Editor Note text fixing the IANA issue, too [since 2008-09-02] DISCUSSES (stalled -- I haven't heard anything from the authors or document shepherd for over one month) - draft-cain-post-inch-phishingextns: waiting for authors to reply to my comments or submit a revised ID [since 2008-08-28] - draft-cam-winget-eap-fast-provisioning: waiting for authors to reply to my comments or submit a revised ID [since 2008-08-28] - draft-hautakorpi-sipping-uri-list-handling-refused: text agreed, waiting for authors to submit a revised ID [since 2008-07-03] - draft-ietf-enum-experiences: talked briefly with Jon Peterson in Dublin -- waiting to hear more from the authors and/or Jon [since 2008-07-31] - draft-ietf-pce-pcep: new version -15 addressed some comments from other ADs; some discussions about my comments has occured; waiting for proposed text or revised ID [since 2008-06-16] - draft-ietf-pwe3-pw-atm-mib: waiting for authors to reply to my comments or submit a revised ID [since 2008-07-02] - draft-zhou-emu-fast-gtc: changes probably agreed, waiting for authors to submit a revised ID to see exact text [since 2008-08-28] DISCUSSES (presumed dead -- I haven't heard anything from the authors or document shepherd for over three months) - draft-ietf-bfd-base: waiting for authors to reply to my comments or submit a revised ID [since 2008-06-05] - draft-ietf-bfd-multihop: waiting for authors to reply to my comments or submit a revised ID [since 2008-06-05] - draft-ietf-bfd-v4v6-1hop: waiting for authors to reply to my comments or submit a revised ID [since 2008-06-05] - draft-ietf-shim6-proto: waiting for Erik to propose something to solve IPsec interaction issue [since 2008-06-18] - draft-ietf-simple-imdn: waiting for authors to reply to my comments or submit a revised ID [since 2008-05-14] - draft-ietf-sipping-sbc-funcs: new version (-06) addressed all comments except one; text agreed for the remaining one, waiting for RFC editor note or revised ID [since 2008-06-17] - draft-ietf-tsvwg-emergency-rsvp: this document has large number of discusses/abstains; waiting for Magnus to figure out next steps [since 2008-06-03] --end-- _______________________________________________ saag mailing list saag at ietf.org https://www.ietf.org/mailman/listinfo/saag_______________________________________________ saag mailing list saag at ietf.org https://www.ietf.org/mailman/listinfo/saag
_______________________________________________ saag mailing list saag at ietf.org https://www.ietf.org/mailman/listinfo/saag
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.