On Sat, Dec 14, 2013 at 7:23 AM, Jari Arkko
<jari(_dot_)arkko(_at_)piuha(_dot_)net> wrote:
In my opinion, that is PRECISELY what needs to happen. WGs should "show
their work" that they have conscientiously considered the matter of
pervasive monitoring. A more generalized form of the above text in the
document would be very helpful.
Yes - this is what I had in mind as well. Some text about this would be
useful in my opinion, too.
And Stephen comes up with a suggestion:
Working groups and other sources of IETF specifications
need to be able to describe how they have considered
pervasive monitoring, and if the attack is relevant to
their work, to be able to justify related design
decisions.
This does not mean that a new "pervasive monitoring
considerations" is required in Internet-drafts or
other documentation - it simply means that, if asked,
there needs to be a good answer to the question "is
pervasive monitoring relevant to this work and if so
how has it been addressed?"
This would work for me.
Jari
In that first paragraph, I would prefer to say "privacy" rather than
"pervasive monitoring". Vulnerability to pervasive monitoring is just
one way in which privacy problems show themselves. It shouldn't be the
only angle from which the problems are viewed.
Scott