On 12/13/2013 6:34 AM, Eliot Lear wrote:
An update.
I wrote:
Here is a snipit from a message from Mark Nottingham who is chair of the
HTTPBIS working group today:
The wild card in all of this is draft-farrell-perpass-attack. If that document
gains IETF consensus, we'll need to demonstrate that we've at least considered
pervasive monitoring as a threat, and can explain why we have taken the
approach we have.
In my opinion, that is PRECISELY what needs to happen. WGs should "show
their work" that they have conscientiously considered the matter of
pervasive monitoring. A more generalized form of the above text in the
document would be very helpful.
Eliot, thanks for putting the thought into these words.
I've run into people expressing concerns about whether publishing
draft-farrell-perpass-attack will obstruct documents that are currently
in working groups.
My answer would be that whether working groups might be asked to "show
their work" has much more to do with our increased awareness of the
practice of pervasive monitoring than whether, and in what form, this
document in Last Call is published.
Anyone with an e-mail account, Jabber ID or microphone can ask "but what
about pervasive monitoring?" and no BCP is required.
draft-farrell-perpass-attack is only a short-hand answer to use, if
someone answers that question with another question, like "why should we
be worried about pervasive monitoring?" Reality trumps formalism.
IMO.
Spencer, speaking without a hat, or even a bandana ...