ietf

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-14 06:28:30

The group I had in mind was HTTPBIS.

Here is a snippet from a message from Mark Nottingham who is chair of the
HTTPBIS working group today:

The wild card in all of this is draft-farrell-perpass-attack. If that 
document gains IETF consensus, we'll need to demonstrate that we've at least 
considered pervasive monitoring as a threat, and can explain why we have 
taken the approach we have.

In my opinion, that is PRECISELY what needs to happen.  WGs should "show
their work" that they have conscientiously considered the matter of
pervasive monitoring.  A more generalized form of the above text in the
document would be very helpful.

Yes - this is what I had in mind as well. Some text about this would be useful 
in my opinion, too.

And Stephen comes up with a suggestion:

  Working groups and other sources of IETF specifications
  need to be able to describe how they have considered
  pervasive monitoring, and if the attack is relevant to
  their work, to be able to justify related design
  decisions.

  This does not mean that a new "pervasive monitoring
  considerations" is required in Internet-drafts or
  other documentation - it simply means that, if asked,
  there needs to be a good answer to the question "is
  pervasive monitoring relevant to this work and if so
  how has it been addressed?"


This would work for me.

Jari

