ietf
[Top] [All Lists]

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2014-01-01 23:02:26

Melinda Shore <melinda(_dot_)shore(_at_)gmail(_dot_)com> wrote:
    >>> I'm sorry, but when we get to the point where we need to point to an
    >>> RFC to stop progress on a document that has obvious vulnerabilities,
    >>> our brains have fallen out.
    >>
    >> This is counterfactual.  We used to routinely handwave about security.

    > We still routinely handwave about security.  It's an afterthought in
    > entirely too many cases.  Drafts are adopted by working groups while
    > still having security considerations sections that consist in their
    > entirety of "TBD."  3552's impacts have been, I think, on how documents
    > are reviewed more than on how documents are developed.

I don't disagree that we still handwave.
I want to address the second part of the above statement.

I don't think it's a problem that a draft gets adopted as a WG item that is
incomplete in a variety of ways, including security considerations.

Let's not continue the trend to having a WG design team prior to having a WG.

One of the *KEY* things that a too well baked draft coming in to a WG messes
up is fixing the security issues; from ambiguous and arbitrarily different
encodings, to assumptions about what "Use IPsec" might mean.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr(_at_)sandelman(_dot_)ca  http://www.sandelman.ca/        |   ruby on 
rails    [




<Prev in Thread] Current Thread [Next in Thread>