ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Editorial thoughts on draft-farrell-perpass-attack-02

2013-12-16 10:11:32
from [Dearlove, Christopher (UK)] [Permanent Link] 
ISO 27000 (Information technology - Security techniques - Information security 
management systems - Overview and vocabulary)
defines both terms, and differently:

2.4
attack
attempt to destroy, expose, alter, disable, steal or gain unauthorized access 
to or make unauthorized use of
an asset (2.3)

2.45
threat
potential cause of an unwanted incident, which may result in harm to a system 
or organization

-- 
Christopher Dearlove
Senior Principal Engineer, Communications Group
Communications, Networks and Image Analysis Capability
BAE Systems Advanced Technology Centre
West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
Tel: +44 1245 242194 |  Fax: +44 1245 242124
chris(_dot_)dearlove(_at_)baesystems(_dot_)com | http://www.baesystems.com

BAE Systems (Operations) Limited
Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, 
Farnborough, Hants, GU14 6YU, UK
Registered in England & Wales No: 1996687


-----Original Message-----
From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Dave Crocker
Sent: 15 December 2013 18:18
To: Jari Arkko; Scott Brim
Cc: Ted Hardie; Bjoern Hoehrmann; IETF discussion list
Subject: Re: Editorial thoughts on draft-farrell-perpass-attack-02

----------------------! WARNING ! ---------------------- This message 
originates from outside our organisation, either from an external partner or 
from the internet.
Consider carefully whether you should click on any links, open any attachments 
or reply.
Follow the 'Report Suspicious Emails' link on IT matters for instructions on 
reporting suspicious email messages.
--------------------------------------------------------

On 12/15/2013 10:07 AM, Jari Arkko wrote:

FWIW when I have talked about this issue, I've usually talked about the fact 
that Internet has a vulnerability for pervasive monitoring and that we need 
to address that vulnerability just like we do with other vulnerabilities. (To 
our ability, just like with the other vulnerabilities.) "Threat" would work 
well for me, too.


+1

Within the IETF, I'm used to hearing security folk talk in terms of 'threats', 
so the word 'attack' was a bit of a surprise.

It's worth using language that is already common in the IETF, and is as 
boringly neutral as we can get away with.  (In most of the world, the word 
'threat' wouldn't be considered neutral, of course, but within technical 
security discussions, it seems to be.)

As others keep noting, within the IETF, our job is to focus on the technical 
issues of this topic.  That means we should avoid anything that excites 
opportunities for those other issues.  They're relevant, of course, but not in 
the IETF.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Stephen Farrell
Next by Date:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Sam Hartman
Previous by Thread:  Re: Editorial thoughts on draft-farrell-perpass-attack-02, Dave Crocker
Next by Thread:  Re: Editorial thoughts on draft-farrell-perpass-attack-02, Stephen Kent
Indexes:  [Date] [Thread] [Top] [All Lists]