ietf
[Top] [All Lists]

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2014-01-02 06:57:28

Melinda,

On 01/02/2014 04:34 AM, Melinda Shore wrote:
On 1/1/14 7:06 PM, Dave Crocker wrote:
I fear that we are indulging in a cause/effect error.  The probably
reason we aren't pursuing needed specifics is that we don't know how to.

That may be the case, and that this draft is a Something Must
Be Done document. That is fine, and we all more-or-less seem
to be in agreement that something must be done.  I think,
however, that a Something Must Be Done document probably does
not belong on the standards track.  A This is What We'll Do
document does.  Concern about unforeseen consequences from
publishing a vague document seems appropriate to me.

The draft is not vague. Its high-level, which is quite
different. If there are parts that are vague please point
those out and we can try to fix them.

Waiting until we have a set of (not one!) this-is-what-we'll-do
documents would be a bad outcome for at least the reasons I
outlined in response to Dave just now.

Calling this a "Something Must Be Done" document seems
needlessly dismissive. Can you say how that's intended to
help?

I think we have a proof by demonstration that we have not
sufficiently considered this attack. The proposed BCP is
a first, high-level step in remedying that situation. And
if we can get WGs to properly consider the attack to be a
real current practice, then the draft will become a fine
BCP in all senses of the term.

S.



Melinda




<Prev in Thread] Current Thread [Next in Thread>