Re: [Trans] The trans threat analysis document

Stephen Kent <stephentkent@gmail.com> Fri, 03 August 2018 18:44 UTC

From: Stephen Kent <stephentkent@gmail.com>
To: trans@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/XgupErwNtyrrc94sBUpIvdxLLJk>
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

The chair's message is a mis-characterization of the history and status 
of this document.

As the cognizant AD, Eric Rescorla discussed the document status with
the WG chairs early this year. Paul stated that there were two
paragraphs in the version -12 text (in sections 3.4 and 3.5) that were
sticking points for David Cooper. A telecon was arranged and took place
on April 12.  The participants were Paul, David, Eric, Richard Barnes
(acting as secretary) and me. The outcome of that telecon was text,
crafted by Richard, which was agreed to by all parties.  This text was
incorporated into the next version (-13) of the document which was 
published later in April.

I assumed that we were done, but I was wrong. After this version was
posted, David sent a large number (~29) of additional comments to the
list. Thus Paul's assertion that there were only two paragraphs that needed
to be changed to satisfy David was incorrect.
I made changes based on all but 6 or 7 of David's comments. Most of his 
comments were straightforward and I agreed that the requested changes 
were appropriate. I posted a message detailing the changes and the
rationale for not making changes for the remaining few comments. A new 
version (-14) was posted on May 29. I think the changes I made represent 
a good faith effort to address David's legitimate issues, especially 
since all of the telecon participants believed that we had already done 
so in April.

Ryan Sleevi and I began an exchange based on his comments on version
-14. Ryan argued that some of the text did not represent the intent of 
CT, or the practice of CT implementations, based on his experience as a 
developer. I countered that the analysis is based on 6962-bis, and if 
that text was not consistent with intent and practice, from his 
perspective, then the document should change. We agreed to table our 
discussion pending relevant changes to 6962-bis.

I believe there have been no changes to 6962-bis that are relevant to
the points Ryan and I discussed, and thus no new version of the threat 
analysis is merited.

Steve

>      Hi, all:
>      
>      Paul and I discussed the status of the threat document and
>      agree that it is not appropriate for chairs to make changes
>      to the content of working group documents in the absence of
>      working group consensus.  We've been deadlocked on the
>      threat analysis document for several years now, and while
>      we would very much like for the parties who disagree to
>      find a compromise, and for the document to be published, it
>      does not weaken the protocol document if it is not.  So, if
>      the authors and those who have issues with the current text
>      cannot find some compromise text before the working group
>      shuts down, the document will not be published as a working
>      group document.  The authors, of course, are free to
>      pursue publication through alternative processes should they
>      continue to be unable to arrive at a compromise.
>      
>      Melinda