I agree. The Security and Risk Analysis major looks at how to redesign
systems that are secure, how to measure risk, and how to ensure that proper levels
of privacy are maintained for individual users. Remember that security is a
process, not a product. Not all security and privacy are resolved technically,
without forgetting that the user is the weak node of the chain.
HSTS, TLS, HTTPS, FTPS or NSS / GnuTLS / OpenSSL can break the IETF
web site old tools, but provide levels of privacy and security.
The delivery and maintenance team is responsible for on-going updating and
monitoring, including security measures for access control and information
confidentiality, when there are mechanisms in place to establish
privacy and trust.
Serrhini Mohammed
Sun, 6 Apr 2014 23:30:11 +0000 from Christian Huitema
<huitema(_at_)microsoft(_dot_)com>:
I agree with those who've said a threat analysis is needed before
deciding access is limited to TLS or other secure alternative.
But we have that threat analysis, and the recommended mitigation is precisely
"encrypt everything." The "pervasive monitoring" threat is analyzed by a
number of perpass drafts, and Stephen has merely followed the conclusions of
that analysis. There is no need to repeat that analysis for each and every
tool that the IETF produces, and there is indeed a need for the IETF as a
whole to "lead by example."
-- Christian Huitema
Best regards,
mohammed serrhini
serrhini(_at_)mail(_dot_)ru