ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-12 04:32:05
from [t.p.] [Permanent Link] 
Jari

I am wondering what the role of the IAB is in this.  Statements of
policy such as this I have seen previously from the IAB, as in the
RFC2804 that has just been referenced.  Whereas the IETF produces the
engineering, such as TLS or IPsec, which is rather different in nature.
Does the IAB approve or disapprove of this?  Why isn't it involved?

And when I look at the IAB website, I am bemused.  The IAB is calling
for papers for a conference on this precise topic, to be held in three
months, by which time you want this I-D to be signed, sealed and
delivered.  So that the IAB can wave it at all participants and say
'Discussion over'?  Or what?

It seems to me that this I-D is an ideal candidate to be presented and
discussed at the conference after which, the IAB can produced a
carefully considered document.

Tom Petch

----- Original Message -----
From: "Jari Arkko" <jari(_dot_)arkko(_at_)piuha(_dot_)net>
To: <ietf(_at_)ietf(_dot_)org>
Sent: Wednesday, December 04, 2013 4:45 AM


I wanted to draw your attention on this last call:


The IESG has received a request from an individual submitter to

consider

the following document:
- 'Pervasive Monitoring is an Attack'
 <draft-farrell-perpass-attack-02.txt> as Best Current Practice

http://datatracker.ietf.org/doc/draft-farrell-perpass-attack/



It is a short read and important, so please comment. The last call ends
in four weeks and covers holiday time, but we'll deal with this document
on the January 9th telechat in the IESG, so in practice there should be
enough time to comment.

I would like to see this document as a high-level policy we have on
dealing with this particular type of vulnerabilities in the Internet. A
little bit like RFC 3365 "Danvers Doctrine" was on weak vs. strong
security. Please remember that the details and tradeoffs for specific
solutions are for our WGs to consider and not spelled out here. The
draft does say "where possible" - I do not want to give the impression
that our technology can either fully prevent all vulnerabilities or do
it in all situations. There are obviously aspects that do not relate to
communications security (like access to content by your peer) and there
are many practical considerations that may not make it possible to
provide additional privacy protection even when we are talking about the
communications part. But I do believe we need to consider these
vulnerabilities and do our best.

Jari
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Questions to https experts, t.p.
Next by Date:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Stewart Bryant
Previous by Thread:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Mark Nottingham
Next by Thread:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Jari Arkko
Indexes:  [Date] [Thread] [Top] [All Lists]