Re: what is a threat analysis?

2005-08-16 08:26:19
Ned Freed wrote:
>> Brian E Carpenter wrote:
>> > Michael, you've had some quite concrete responses which I hope
>> > have clarified things, but I really want to say that making
>> > Internet protocols secure isn't a hoop jumping exercise; it's
>> > more like a survival requirement, and has been for ten years
>> > at least.
>
>> Where did I say that?
>
> Of course you didn't, and the implication that you did say that was nothing but
> a strawman, a tactic I'm sad to say often seems to crop up in discussions on
> the IETF list.

Excuse *me* but Mike's note that I was responding to said (in part):

> So, if this is going to be yet another hoop that the IESG and IAB
> sends working groups through like problem statements, requirements
> documents and the like, I think it ought to be incumbent on
> those people demanding such things to actually both agree and
> document what it is that they are demanding.

He explicitly raised the question of hoop jumping, which for me at
least carries a strong implication of pointlessness. That's what
I was responding to.

It carries no such connotation for me. www.dictionary.com says the phrase means
"To undergo a rigorous trial or examination." Encarta says it means "to go to
extreme lengths to gain favor with somebody or to carry out somebody's wishes
(informal)". Nothing "pointless" in either definition as far as I can see.

But let's assume that's what Mike meant. So what? It doesn't change the thrust
of his argument in any way, which was and is that there are a variety of ways a
threat analysis can be written in this space and we're not sure which one of these
is needed.

More recently he said:

> Do you seriously think you could write a "threat analysis"
> given the definition in 2828?

which reads
   "$ threat analysis
        (I) An analysis of the probability of occurrences and consequences
        of damaging actions to a system."

As a glossary definition, that seems admirably clear.

I disagree and think as definitions go it is pretty poor, but let's assume for
the moment it is clear. Again, so what? It's still just a definition, not a
guide for how to write these things. Are you seriously going to claim that this
is all you need to know to write a threat analysis? You say below that getting
these things right is difficult. And in another part of this thread we have
people asserting that some amount of training is needed to write the things.

For a complex case,
I'd expect to ask some experts for help in determining the type of
threats to be considered in particular. And I would study 3552 carefully,
warts and all. But the bottom line is that this is hard work to get
right - compare the Security Considerations of RFC 3056 with RFC 3964
for example.

All the more reason for those in charge to be quite specific about what it is
they're after, which still hasn't happened. All we get is more fixation on the
words Mike happened to use in one message rather than responding to his issue
with the lack of clarity in what's being asked for.

You really need to start looking at the points people are trying to make rather
than focusing on the words people happen to choose to make them. Not everything is
an attack on some dearly-held IETF principle or other, you know.

                                Ned
