[{"author": "Samuel Weiler", "text": "

Dhruv, we're looking forward to watching you rotate.

", "time": "2023-11-07T14:33:03Z"}, {"author": "Dhruv Dhody", "text": "

Ha ha

", "time": "2023-11-07T14:36:24Z"}, {"author": "Pete Resnick", "text": "

Peter's dressed rather snappy today!

", "time": "2023-11-07T14:39:26Z"}, {"author": "Nick Doty", "text": "

when you say \"we\" have access to the documents and \"we\" can comment, who at the IETF has those capabilities?

", "time": "2023-11-07T14:43:04Z"}, {"author": "Mirja K\u00fchlewind", "text": "

I can address that on the mic

", "time": "2023-11-07T14:44:29Z"}, {"author": "Nick Doty", "text": "

thanks!

", "time": "2023-11-07T14:44:50Z"}, {"author": "Nick Doty", "text": "

and is the process the same for submitting comments? do the comments also have to remain secret?

", "time": "2023-11-07T14:48:47Z"}, {"author": "Alexey Melnikov", "text": "

IANA designated experts (e.g. for media types) sometimes get special access to ISO documents. Very similar to what Peter talked about.

", "time": "2023-11-07T14:49:09Z"}, {"author": "John Klensin", "text": "

That is essentially correct. The liaison (manager) can feed comments into the system, either as an individual or on behalf of the relevant body (the IETF or IAB in this case). And exposing other comments in the balloting process is essentially the same as making working documents available.

", "time": "2023-11-07T14:52:20Z"}, {"author": "Mirja K\u00fchlewind", "text": "

thanks!

", "time": "2023-11-07T14:52:39Z"}, {"author": "Nick Doty", "text": "

would we have to keep the comments we submit to an ISO working group secret as well? would those comments be something we discuss on a mailing list, or could we quote a draft of an ISO standard in order to comment on it?

", "time": "2023-11-07T14:53:39Z"}, {"author": "Andrew Campling", "text": "

Anyone interested in outreach generally may find the EODIR session on Friday morning useful - 8:30-9:30, Palmovka 1-2

", "time": "2023-11-07T14:55:08Z"}, {"author": "Stephen Farrell", "text": "

65 trillion what?

", "time": "2023-11-07T14:58:11Z"}, {"author": "Phillip Hallam-Baker", "text": "

The only real difference between nation state actors and criminal actors is the kill chain is shorter for nation states. Both use the same tools to penetrate machines, extract data, perform DoS attacks etc. But criminal gangs also have to make money and so they have to convert the information they steal into cash, usually through Bitcoin

", "time": "2023-11-07T14:58:58Z"}, {"author": "Jiankang Yao", "text": "

ISO documents are not free, are not open to access. So it is not easy to give a comment.

", "time": "2023-11-07T14:59:25Z"}, {"author": "Antoine Fressancourt", "text": "

please fix the security level of the slide deck. It is not confidential

", "time": "2023-11-07T15:03:29Z"}, {"author": "Samuel Weiler", "text": "

way too many (small) words --> not very effective visual aids.

", "time": "2023-11-07T15:07:15Z"}, {"author": "Alexey Melnikov", "text": "

Not enough of Microsoft representation, especially in ART area

", "time": "2023-11-07T15:22:13Z"}, {"author": "Phillip Hallam-Baker", "text": "

Might not get to my question so I will enter it here: What is being done on securing data at rest. By which I mean encrypting Word and PowerPoint documents under an open infrastructure.

\n

Most breaches are of data at rest and most of the data breached is in Office document formats. Password encryption isn\u2019t usable, the password gets sent in the email with the file attachment.

", "time": "2023-11-07T15:24:40Z"}, {"author": "Mallory Knodel", "text": "

Sounding like we need to worry about end points more hmm

", "time": "2023-11-07T15:30:53Z"}, {"author": "Lixia Zhang", "text": "

fully agree with Phillip on securing data at rest. It seems to me one challenge is the associated crypto key management needed to support this. Today's tools are for securing (transient) connections; securing data directly requires a different set of solutions in crypto management.

", "time": "2023-11-07T15:32:38Z"}, {"author": "avri doria", "text": "

wonderful presentation.

", "time": "2023-11-07T15:32:58Z"}, {"author": "Hafiz Farooq", "text": "

@Phillip Hallam-Baker I believe all measures for data at rest will always fall short of the requirements. It's actually the accountability and enforcement which can improve cyber security (like law and order). IP Addressing needs to be replaced with personal unique identifiers, so the attacker is well known to everybody and could be dealt with by law. Otherwise we will keep encrypting every bit available in the world.

", "time": "2023-11-07T15:34:09Z"}, {"author": "Adam Burns", "text": "

perhaps we are all the end-points. ;/

", "time": "2023-11-07T15:34:14Z"}, {"author": "Arnaud Taddei", "text": "

Would have extended on Phillip, Wes, Andrew but too bad I was locked out

", "time": "2023-11-07T15:34:28Z"}, {"author": "John Klensin", "text": "

@Nick: First, try to move away from vocabulary like \"secret\" -- it betrays a bias and makes a cooperative relationship more difficult. ISO has two main motivations in those rules. One is, as Peter mentioned, that they draw a non-trivial portion of their support from sale of standards. The other is tied to a problem the IETF has tried to solve in an entirely different way. That is to discourage people from going off and implementing half (or less) -baked ideas, deploying those implementations widely, and then claiming the final standard has to be constrained by those implementations and/or complaining when it is different from whatever they did. Our approach historically relied on three (and then two) maturity levels -- IIR, my very first task when I became an AD, assigned by the IETF Chair, was to explain to a large corporation that their implementing and deploying an unpublished Proposed Standard was not a great idea and consequences of changes were their problem, not the IETF's -- and on the distinction between Internet-Drafts and RFCs. Things have changed, but I'd claim that neither has worked very well. ISO's version is to treat working documents and input on them as restricted to those actively participating in the work. ... More sometime, before they shut the chat down....

", "time": "2023-11-07T15:34:29Z"}]