Re: [saag] RFC3552bis...
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 30 October 2016 21:45 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 154041294B3 for <saag@ietfa.amsl.com>; Sun, 30 Oct 2016 14:45:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.798
X-Spam-Level:
X-Spam-Status: No, score=-5.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yLG3MvXU7yb7 for <saag@ietfa.amsl.com>; Sun, 30 Oct 2016 14:44:59 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BE071293FF for <saag@ietf.org>; Sun, 30 Oct 2016 14:44:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B2E7ABE2E for <saag@ietf.org>; Sun, 30 Oct 2016 21:44:57 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jdx_q4XleiGA for <saag@ietf.org>; Sun, 30 Oct 2016 21:44:56 +0000 (GMT)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CC5F6BE2C for <saag@ietf.org>; Sun, 30 Oct 2016 21:44:55 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1477863896; bh=HlYsf8WiFN+5+uY8TIfEvC82pPck8KWfnD3+FQa8GS0=; h=Subject:To:References:From:Date:In-Reply-To:From; b=w9z6OQV04ZqH1I3yR34aA0Jzx+J1kSnmUy1CeKsbbWimQgYZOEYkjsaWA3z642c8q /e4ixw2KKJ/oZFBUuVYkFkXJUPARRNcYxVfhMYqZfaR8D7Q9XnXohRKyHQrZ5F0SD1 8a0086ROcKeSxvhuWn2DfrxXcLM6k80TCbuFdu1U=
To: "saag@ietf.org" <saag@ietf.org>
References: <5774E4E3.2030605@cs.tcd.ie>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <6db56d3a-2ef6-44f8-ed81-a2d49cf4cfc5@cs.tcd.ie>
Date: Sun, 30 Oct 2016 21:44:56 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <5774E4E3.2030605@cs.tcd.ie>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms060706060303000201050907"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/_rG9d7suvTSzjEjFNDAlc5DJ4ng>
Subject: Re: [saag] RFC3552bis...
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Oct 2016 21:45:01 -0000
Folks, Another call for comments/suggestions on this. The editors have produced a -00 [1] for you to beat up on, so I'd be very happy to see us all doing more of that. Cheers, S. [1] https://github.com/IETF-SAAG/RFC3552bis On 30/06/16 10:22, Stephen Farrell wrote: > > Hiya, > > RFC3552/BCP72 [1] is about to become a teenager:-) For those > of you that don't know it by heart, that's the one that tells > folks what to put into their security considerations sections > and it dates back to July 2003. > > Following on from discussion at saag in B-A, partly driven by > the work Fernando and others have done on identifiers, but also > other chats going back to the STRINT workshop, Kathleen and I > have discussed what to do about all that and having re-read the > text we reckon that now would be a good time to start work on > an RFC3552bis document to replace the current one. > > In outline, we think the main tasks there we'd like to see happen > would be to a) update numerous things that are out of date, b) add > text about things that weren't so important in 2003, such as privacy, > perhaps borrowing bits from RFC6973 [2] that make sense as BCP-like > statements, and c) to make it as understandable and easy to grasp > as possible and ideally a good bit shorter. > > Having figured out what we'd like, and being lazy ADs, we needed > some other folks to do the actual work so we asked Yoav Nir and > Magnus Westerlund (both cc'd) and we're delighted to say that > they've agreed to be editors for this effort. (Thanks again to > you both.) > > The overall plan then is roughly to:- > > - Kick off discussion now on the saag list (this mail) > - Get folks' feedback on changes they'd like (if that gets > too voluminous we'll start a new list) > - Have a short slot at the saag session in Berlin where the > editors can review the plan and get more feedback/comments > - The editors will send some mail about tooling (e.g. if > they want to use github, they'll say that etc.) > - The editors will produce a -00 and we'll iterate on that > until done > - A more substantive discussion of remaining open issues > in November at IETF97 if needed, (which we suspect will > be needed:-) > - Hopefully we end up ready for IETF LC around the end of > the year or early in 2017. > - We have what'll quite probably be a fun IETF LC:-) > - Mid-2017: BCP72 will become the new RFC. > > So please do re-read [1,2] and send your comments on what you > think needs changing to this list and/or the editors and/or to > Kathleen or I as appropriate. > > Cheers, > S&K. > > [1] https://tools.ietf.org/html/bcp72 > [2] https://tools.ietf.org/html/rfc6973 > > > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- Re: [saag] [Privsec-program] RFC3552bis... Christian Huitema
- Re: [saag] [Privsec-program] RFC3552bis... Stephen Kent
- Re: [saag] RFC3552bis... Alissa Cooper
- Re: [saag] [Privsec-program] RFC3552bis... Randy Bush
- Re: [saag] [Privsec-program] RFC3552bis... Eliot Lear
- Re: [saag] [Privsec-program] RFC3552bis... Benjamin Kaduk
- Re: [saag] [Privsec-program] RFC3552bis... Watson Ladd
- Re: [saag] [Privsec-program] RFC3552bis... Christian Huitema
- Re: [saag] [Privsec-program] RFC3552bis... Fernando Gont
- Re: [saag] [Privsec-program] RFC3552bis... Stephen Farrell
- Re: [saag] [Privsec-program] RFC3552bis... Stephen Farrell
- Re: [saag] RFC3552bis... Fernando Gont
- [saag] RFC3552bis... Stephen Farrell
- Re: [saag] [Privsec-program] RFC3552bis... Fernando Gont
- Re: [saag] [Privsec-program] RFC3552bis... Programa STIC
- Re: [saag] [Privsec-program] RFC3552bis... Stephen Kent
- Re: [saag] RFC3552bis... Stephen Farrell