ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2014-01-01 23:07:49
from [l.wood] [Permanent Link] 
I don't think it's a problem that a draft gets adopted as a WG item that is
incomplete in a variety of ways, including security considerations.

Let's not continue the trend to having a WG design team prior to having a WG.


perpass is not a WG, and draft-farrell-perpass-attack is not an adopted WG item.

I mean, it's incomplete, and it's circumventing what process we have.

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Michael Richardson 
[mcr(_at_)sandelman(_dot_)ca]
Sent: 02 January 2014 05:02
To: IETF Discussion
Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive 
Monitoring is an Attack) to Best Current Practice

Melinda Shore <melinda(_dot_)shore(_at_)gmail(_dot_)com> wrote:
    >>> I'm sorry, but when we get to the point where we need to point to an
    >>> RFC to stop progress on a document that has obvious vulnerabilities,
    >>> our brains have fallen out.
    >>
    >> This is counterfactual.  We used to routinely handwave about security.

    > We still routinely handwave about security.  It's an afterthought in
    > entirely too many cases.  Drafts are adopted by working groups while
    > still having security considerations sections that consist in their
    > entirety of "TBD."  3552's impacts have been, I think, on how documents
    > are reviewed more than on how documents are developed.

I don't disagree that we still handwave.
I want to address the second part of the above statement.

I don't think it's a problem that a draft gets adopted as a WG item that is
incomplete in a variety of ways, including security considerations.

Let's not continue the trend to having a WG design team prior to having a WG.

One of the *KEY* things that a too well baked draft coming in to a WG messes
up is fixing the security issues; from ambiguous and arbitrarily different
encodings, to assumptions about what "Use IPsec" might mean.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr(_at_)sandelman(_dot_)ca  http://www.sandelman.ca/        |   ruby on 
rails    [
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Michael Richardson
Next by Date:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, t.p.
Previous by Thread:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Michael Richardson
Next by Thread:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Michael Richardson
Indexes:  [Date] [Thread] [Top] [All Lists]