
Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2014-01-02 11:28:00

Tim,


> This paragraph seems ridiculous to me.

Then you've not the history to have seen reasonable protocols be held up - or
worse mangled - to satisfy unreasonable decisions by ADs based on their
interpretation of their authority. We have been down this road before. And
again, I'm not concerned about the current ADs, mind you. We've a good lot.

> The perpass-attack draft says that pervasive monitoring has the
> characteristics of an attack, and that the protocols we design SHOULD include
> appropriate mitigation measures.

Well it doesn't say that (at least in -03) and let's not suppose it did.

> There are very few (any?) absolutes in any of the protocols we build, just a
> wealth of often-conflicting design criteria, which force us to trade off and
> make judgment calls. draft-perpass-attack says that mitigation of pervasive
> surveillance should be seen as one of the design criteria, and it's not OK to
> ignore it.

In fact I've argued all of this myself. It presumes we understand the threat
well enough. One concern at the moment is that a group will take an action in
response that actually ENABLES more pervasive surveillance. That may be
unavoidable as there will be trade-offs.


> A reasonable take is that a specification could be held up if there are
> plausible arguments that this criterion has not been given appropriate
> consideration, and I see nothing wrong with that.

Sure. But now you've actually rung in another problem with the draft. Most
participants in the IETF don't know how to address the threat and those who
think they do probably won't agree on either its nature or the remediation.

We're simply not there yet.

The IETF should take this threat seriously and do what we can when we know what 
to do.

Eliot

