
From nobody Thu Jul 30 11:35:46 2015
From: "Boyle, Vincent M" <vmboyle@nsa.gov>
To: "'ghost@ietf.org'" <ghost@ietf.org>
Date: Thu, 30 Jul 2015 18:35:38 +0000
Message-ID: <E18BF42C3D667642ABC0EF4B6064EB67D1CB9DDC@MSMR-GH1-UEA02.corp.nsa.gov>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ghost/7tnoxhqod2Ypn_0lhKZgmLqeiTU>
Subject: [Ghost] This could be really useful
List-Id: "Mailing list for GatHering and reOrganizing STandards information \(GHOST\) team" <ghost.ietf.org>

Hi Everybody,
I saw the announcement and subscribed. I like the idea of an organized
repository for practical information on standards. While the focus of
the Google doc is on developers, I'd like to offer another perspective,
that of the user. I participate in an effort to select standards for a
large, enterprise network (the US DoD). The goal is to promote
interoperability across the network by enforcing the use of selected
standards by all major programs that use that network. Specifically,
I'm a member of the Information Assurance (i.e. security) working group
of the effort. Three times a year we meet to review portions of the
standards registry and vote on retaining those standards or replacing
them with newer ones.

The information that is being proposed for inclusion in the ghost
repository is exactly the information that we research and discuss
prior to voting. We want to choose standards that offer state of the
art security, but they need to be implementable (and actually
implemented in products). In that vein, I was happy to see that there
would be information on which standards seem to be on the upswing. If
we can document actual implementation in some way that is fair and
accurate (not easily gamed by people with proprietary interests), that
would be great!

I'll chime in later; just wanted to put in a nudge to the user
community to support this.

Mike Boyle


From nobody Fri Jul 31 21:10:35 2015
In-Reply-To: <E18BF42C3D667642ABC0EF4B6064EB67D1CB9DDC@MSMR-GH1-UEA02.corp.nsa.gov>
References: <E18BF42C3D667642ABC0EF4B6064EB67D1CB9DDC@MSMR-GH1-UEA02.corp.nsa.gov>
From: Tom Ritter <tom@ritter.vg>
Date: Fri, 31 Jul 2015 23:10:11 -0500
Message-ID: <CA+cU71k-JL+kd4wmGnwLhssVgGKPCNCiqQrtU6EtzvTF-psV1g@mail.gmail.com>
To: "Boyle, Vincent M" <vmboyle@nsa.gov>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ghost/t_CVbfEXnFOg3zLB_DtUg1D4ROc>
Cc: "ghost@ietf.org" <ghost@ietf.org>
Subject: [Ghost]  This could be really useful

On Jul 30, 2015 1:35 PM, "Boyle, Vincent M" <vmboyle@nsa.gov> wrote:
> If we can document actual implementation in some way that is fair and
> accurate (not easily gamed by people with proprietary interests), that
> would be great!

Test suites would go a long way towards documenting implementation
status, and promoting interoperable bug-free implementations. I dream
of a day where we have a full, open source test suite for (say) TLS
that operates at the TCP layer. It attempts to talk various flavors of
correct and incorrect TLS with a client or server, and makes sure the
other responds when it should and doesn't when it shouldn't.

We can hope vendors will use it... but the next step is actually to
push it towards the organizations doing the purchasing.  "Let me run
this test suite against your product.  Turns out it has a bug with CBC
Padding, chokes on extensions it doesn't understand, and is intolerant
if you try to negotiate a higher, unknown protocol version.  Go fix
those bugs, show me the patch, and I'll buy."

-tom
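
An added example, not part of the thread and not code from either poster: two of the checks named in the reply above (tolerance of an extension the peer does not understand, and of a higher, unknown protocol version) written as a ClientHello builder and a reply classifier at the TCP layer. The function names and the sample replies are constructed for illustration.

```python
import os
import socket
import struct

HANDSHAKE, ALERT, CLIENT_HELLO, SERVER_HELLO = 22, 21, 1, 2
TLS12 = (3, 3)

def build_client_hello(version=TLS12, unknown_ext=None):
    """One TLS record holding a ClientHello; version and unknown_ext are the knobs."""
    suites = struct.pack("!HH", 0x009C, 0x002F)        # RSA AES128-GCM / AES128-CBC
    exts = b""
    if unknown_ext is not None:                        # extension the peer cannot know
        exts = struct.pack("!HH", unknown_ext, 4) + b"test"
    body = (bytes(version) + os.urandom(32)            # client_version, random
            + b"\x00"                                  # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                              # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, 3, 1, len(hs)) + hs

def classify_response(data, max_known=TLS12):
    """Judge the peer's first reply: a tolerant peer answers with a version it knows."""
    if len(data) < 5:
        return "FAIL: closed without a TLS record"
    rtype, _, _, rlen = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + rlen]
    if rtype == ALERT and len(payload) >= 2:
        return f"FAIL: alert level={payload[0]} description={payload[1]}"
    if rtype == HANDSHAKE and len(payload) >= 6 and payload[0] == SERVER_HELLO:
        chosen = (payload[4], payload[5])              # server_version field
        if chosen <= max_known:
            return f"PASS: negotiated {chosen[0]}.{chosen[1]}"
        return f"FAIL: echoed unknown version {chosen[0]}.{chosen[1]}"
    return "FAIL: unexpected record"

def probe(host, port, **kwargs):
    """Send one probe to a product under test and classify its first reply."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(build_client_hello(**kwargs))
        try:
            return classify_response(s.recv(4096))
        except OSError:                                # reset or timeout
            return classify_response(b"")

# Constructed replies (not captured traffic): a ServerHello prefix choosing
# TLS 1.2, and a fatal protocol_version (70) alert.
SAMPLE_OK = bytes([22, 3, 3, 0, 6, 2, 0, 0, 2, 3, 3])
SAMPLE_ALERT = bytes([21, 3, 1, 0, 2, 2, 70])
```

For a product under evaluation, `probe(host, port, version=(3, 0xFF))` and `probe(host, port, unknown_ext=0xFF77)` exercise the two cases; both values are arbitrary picks assumed here to be unassigned.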

