
From nobody Mon Aug  3 05:37:58 2015
MIME-Version: 1.0
In-Reply-To: <CA+cU71k-JL+kd4wmGnwLhssVgGKPCNCiqQrtU6EtzvTF-psV1g@mail.gmail.com>
References: <E18BF42C3D667642ABC0EF4B6064EB67D1CB9DDC@MSMR-GH1-UEA02.corp.nsa.gov> <CA+cU71k-JL+kd4wmGnwLhssVgGKPCNCiqQrtU6EtzvTF-psV1g@mail.gmail.com>
Date: Mon, 3 Aug 2015 08:37:52 -0400
Message-ID: <CAHbuEH6f0unsE8aDC_-7pVZ4DO1mAV5JDMPBi45thY-2Zbq7YQ@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Tom Ritter <tom@ritter.vg>
Content-Type: multipart/alternative; boundary=f46d044283d4318602051c6770d1
Archived-At: <http://mailarchive.ietf.org/arch/msg/ghost/dXVjBskzBVnhOG10JSqoJpicj-c>
Cc: "Boyle, Vincent M" <vmboyle@nsa.gov>, "ghost@ietf.org" <ghost@ietf.org>
Subject: Re: [Ghost] This could be really useful
X-BeenThere: ghost@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for GatHering and reOrganizing STandards information \(GHOST\) team" <ghost.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ghost>, <mailto:ghost-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ghost/>
List-Post: <mailto:ghost@ietf.org>
List-Help: <mailto:ghost-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ghost>, <mailto:ghost-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2015 12:37:56 -0000

--f46d044283d4318602051c6770d1
Content-Type: text/plain; charset=UTF-8

Thanks for starting the conversation.  When we first started talking about
this, it was not meant to be a repository, but rather a connection of links
and an easier way to find options for a particular problem (authentication,
etc.).  As such, we thought through a proposed structure outlined in a
Google doc.

The structure is just proposed and reviews and comments to the list would
be very helpful to see if we can work towards an agreed structure.

Here is the link, please do post reviews and comment either on list or in
the Google doc.  If you comment in the Google doc describing the structure,
please let the list know as not all will be notified.

https://docs.google.com/document/d/1VR4eR0mZohJ1vWy3dpyHg-w56qm4KjQG06V9TyNqP70/edit#

Thank you,
Kathleen

On Sat, Aug 1, 2015 at 12:10 AM, Tom Ritter <tom@ritter.vg> wrote:

> On Jul 30, 2015 1:35 PM, "Boyle, Vincent M" <vmboyle@nsa.gov> wrote:
> > If we can document actual implementation in some way that is fair and
> > accurate (not easily gamed by people with proprietary interests), that
> > would be great!
>
> Test suites would go a long way towards documenting implementation
> status, and promoting interoperable bug-free implementations. I dream
> of a day where we have a full, open source test suite for (say) TLS
> that operates at the TCP layer. It attempts to talk various flavors of
> correct and incorrect TLS with a client or server, and makes sure the
> other responds when it should and doesn't when it shouldn't.
>
> We can hope vendors will use it... but the next step is actually to
> push it towards the organizations doing the purchasing.  "Let me run
> this test suite against your product.  Turns out it has a bug with CBC
> Padding, chokes on extensions it doesn't understand, and is intolerant
> if you try to negotiate a higher, unknown protocol version.  Go fix
> those bugs, show me the patch, and I'll buy."
>
> -tom



-- 

Best regards,
Kathleen

--f46d044283d4318602051c6770d1--


From nobody Tue Aug 11 11:05:30 2015
From: "Boyle, Vincent M" <vmboyle@nsa.gov>
To: "'ghost@ietf.org'" <ghost@ietf.org>
Thread-Topic: Proposed Structure for Organizing Standards Information
Thread-Index: AdDUXcxXhzNIWmXZT0+Nzz8oLTVF3g==
Date: Tue, 11 Aug 2015 18:05:23 +0000
Message-ID: <E18BF42C3D667642ABC0EF4B6064EB67D1D69191@MSMR-GH1-UEA02.corp.nsa.gov>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ghost/E8AX-VsuvU5QiGWW2N0747cFLF4>
Subject: [Ghost] Proposed Structure for Organizing Standards Information
X-List-Received-Date: Tue, 11 Aug 2015 18:05:29 -0000

I read the Google doc again this morning. I like the idea of a short
introduction to each topic and then moving on to specific situations
(use cases and device types; maybe deployment scenarios as well, such as
how big is the set of things that have to authenticate to each other, or
how will keys be provisioned). In general, I like the idea of quickly
getting to specifics and providing pointers to appropriate standards.

I'm wondering if we need to work through the Authentication example a
bit. Maybe create a part of the matrix (no attempt to be complete) and
then see how we would handle things from there. I think even
concentrating on a specific scenario (signed email) could be
enlightening, considering the differences when you're all part of an
enterprise vs. a community with no central authority.

If it would help, I'd be happy to join a phone call to discuss.
Otherwise, maybe somebody more adept than me could create a small
example to foster discussion.

Mike Boyle

