ietf

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2014-01-01 22:32:04
On 02/01/2014 16:27, Dave Crocker wrote:
On 1/1/2014 7:11 PM, Ted Lemon wrote:
We used to routinely handwave about security. We've gotten better
about that. RFC3552 is why.


No it's not.

It's useful, but had nothing at all to do with the strategic change.
That came much earlier and was the result of policy changes in IESG
requirements on specs.

Yes. As I mentioned in Vancouver, it was RFC 2316 that stated an aspiration
and RFC 3365 that set technical requirements (whereas 3352 set writing
requirements; I should have mentioned that too). Surely the present draft
is only trying to state the aspiration - there's a lot more work to do before
the rest is ready to publish.

    Brian


The real lesson from that was the remarkably vague and obstructionist
process that took place for years, until we started getting concrete.

The RFC is the result of that realization.  In other words, it's not
that it enabled less handwaving but that the realization we needed to
stop handwaving that enabled it.

Note that the current draft lacks any specificity and, therefore, leaves
us with a similar vagueness as we used to have about security
considerations.

To repeat from earlier:  the draft's goal and the draft are worthy for
pursuit, but we are currently clueless about how to apply it.

Clueless.

d/

