ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2014-01-01 21:29:50
from [Dave Crocker] [Permanent Link] 
On 1/1/2014 7:11 PM, Ted Lemon wrote:

We used to routinely handwave about security.   We've gotten better about that. 
  RFC3552 is why.



No it's not.
It's useful, but had nothing at all to do with the strategic change. That came much earlier and was the result of policy changes in IESG requirements on specs.
The real lesson from that was the remarkably vague and obstructionist process that took place for years, until we started getting concrete.
The RFC is the result of that realization. In other words, it's not that it enabled less handwaving but that the realization we needed to stop handwaving that enabled it.
Note that the current draft lacks any specificity and, therefore, leaves us with a similar vagueness as we used to have about security considerations.
To repeat from earlier: the draft's goal and the draft are worthy for pursuit, but we are currently clueless about how to apply it. 

Clueless.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Ted Lemon
Next by Date:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Melinda Shore
Previous by Thread:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Ted Lemon
Next by Thread:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Brian E Carpenter
Indexes:  [Date] [Thread] [Top] [All Lists]