ietf

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-13 07:04:53

Hi Eliot,

On 12/13/2013 12:34 PM, Eliot Lear wrote:
> An update.
>
> I wrote:
>
>> Well actually there is confusion about this, which is in part why
>> there is a debate.  We've already seen one working group chair
>> expecting the IESG to take actions on documents based on this
>> statement of principle.  And so some care is therefore required.
>
> The group I had in mind was HTTPBIS.
>
> Here is a snippet from a message from Mark Nottingham who is chair of
> the HTTPBIS working group today:
>
>> The wild card in all of this is draft-farrell-perpass-attack. If
>> that document gains IETF consensus, we'll need to demonstrate that
>> we've at least considered pervasive monitoring as a threat, and can
>> explain why we have taken the approach we have.
>
> In my opinion, that is PRECISELY what needs to happen.  WGs should
> "show their work" that they have conscientiously considered the
> matter of pervasive monitoring.  A more generalized form of the above
> text in the document would be very helpful.

I've no problem with that, since I agree Mark's mail captures
what we do want to happen as a result of this BCP. (I also
thought his first mail did, but whatever.)

Anyway, how's this for a suggestion, say placed somewhere near
the end of section 2:

   Working groups and other sources of IETF specifications
   need to be able to describe how they have considered
   pervasive monitoring, and if the attack is relevant to
   their work, to be able to justify related design
   decisions.

   This does not mean that a new "pervasive monitoring
   considerations" is required in Internet-drafts or
   other documentation - it simply means that, if asked,
   there needs to be a good answer to the question "is
   pervasive monitoring relevant to this work and if so
   how has it been addressed?"

I don't think we want to force everyone to write up why
pervasive monitoring is or isn't relevant to their work
but getting a good answer if the question is asked should
be the expectation. That could be in meeting minutes, mail
discussions or in drafts or writeups if that's what a WG
wants to do. In other cases it'll be clear that the attack
just isn't relevant at all and the question shouldn't even
be asked, e.g. for many codepoint allocations.

I'd be happy to see better suggested wording as well,
Cheers,
S.





Eliot




