In the Threat Analysis discussions I have been struck by the
difference in clarity and apparent consensus on the issues that
pertain to the core functions, versus those that pertain to the
"policy" functions.
[...]
All of this suggests that de-coupling the TA for the core
functionality, from that of the policy-related enhancements, will be
necessary if we are to stay on schedule.
I think that that may turn out to be the case, but I'd rather
see the next revision and work from there.
Having not talked with Stephen about this, I'll say that I see no
problem with making a reasonable effort at documenting policy-related
threats, knowing that it may change and not allowing it to get in the
way of the schedule... and then updating the document later, after
we've done the policy work. It could turn out that the best way to
have a thorough Threat Analysis document in the end is to obsolete
(yes, yes, "make obsolescent") the early version.
Barry
--
Barry Leiba, Pervasive Computing Technology
(leiba(_at_)watson(_dot_)ibm(_dot_)com)
http://www.research.ibm.com/people/l/leiba
http://www.research.ibm.com/spam
_______________________________________________
ietf-dkim mailing list
http://dkim.org