I wanted to draw your attention on this last call:
The IESG has received a request from an individual submitter to consider
the following document:
- 'Pervasive Monitoring is an Attack'
<draft-farrell-perpass-attack-02.txt> as Best Current Practice
http://datatracker.ietf.org/doc/draft-farrell-perpass-attack/
It is a short read and important, so please comment. The last call ends in four
weeks and covers holiday time, but we'll deal with this document on the January
9th telechat in the IESG, so in practice there should be enough time to comment.
I would like to see this document as a high-level policy we have on dealing
with this particular type of vulnerabilities in the Internet. A little bit like
RFC 3365 "Danvers Doctrine" was on weak vs. strong security. Please remember
that the details and tradeoffs for specific solutions are for our WGs to
consider and not spelled out here. The draft does say "where possible" - I do
not want to give the impression that our technology can either fully prevent
all vulnerabilities or do it in all situations. There are obviously aspects
that do not relate to communications security (like access to content by your
peer) and there are many practical considerations that may not make it possible
to provide additional privacy protection even when we are talking about the
communications part. But I do believe we need to consider these vulnerabilities
and do our best.
Jari