> I don't think it's a problem that a draft gets adopted as a WG item that is
> incomplete in a variety of ways, including security considerations.
> Let's not continue the trend to having a WG design team prior to having a WG.
perpass is not a WG, and draft-farrell-perpass-attack is not an adopted WG item.
I mean, it's incomplete, and it's circumventing what process we have.
Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Michael Richardson [mcr(_at_)sandelman(_dot_)ca]
Sent: 02 January 2014 05:02
To: IETF Discussion
Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice
Melinda Shore <melinda(_dot_)shore(_at_)gmail(_dot_)com> wrote:
>>> I'm sorry, but when we get to the point where we need to point to an
>>> RFC to stop progress on a document that has obvious vulnerabilities,
>>> our brains have fallen out.
>>
>> This is counterfactual. We used to routinely handwave about security.
> We still routinely handwave about security. It's an afterthought in
> entirely too many cases. Drafts are adopted by working groups while
> still having security considerations sections that consist in their
> entirety of "TBD." 3552's impacts have been, I think, on how documents
> are reviewed more than on how documents are developed.
I don't disagree that we still handwave.
I want to address the second part of the above statement.
I don't think it's a problem that a draft gets adopted as a WG item that is
incomplete in a variety of ways, including security considerations.
Let's not continue the trend to having a WG design team prior to having a WG.
One of the *KEY* things that a too well baked draft coming in to a WG messes
up is fixing the security issues; from ambiguous and arbitrarily different
encodings, to assumptions about what "Use IPsec" might mean.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr(_at_)sandelman(_dot_)ca http://www.sandelman.ca/ | ruby on rails [