Tim,
This paragraph seems ridiculous to me.
Then you've not the history to have seen reasonable protocols be held up- or
worse mangled- to satisfy unreasonable decisions by ADs based on their
interpretation of their authority. We have been down this road before. And
again, I'm not concerned about the current ADs, mind you. We've a good lot.
The perpass-attack draft says that pervasive monitoring has the
characteristics of an attack, and that the protocols we design SHOULD include
appropriate mitigation measures.
Well it doesn't say that (at least in -03) and let's not suppose it did.
There are very few (any?) absolutes in any of the protocols we build, just a
wealth of often-conflicting design criteria, which force us to trade off and
make judgment calls. draft-perpass-attack says that mitigation of pervasive
surveillance should be seen as one of the design criteria, and it’s not OK to
ignore it.
In fact I've argued all if this myself. It presumes we understand the threat
well enough. One concern at the moment is that a group will take an action in
response that actually ENABLES more pervasive surveillance. That may be
unavoidable as there will be trade offs.
A reasonable take is that a specification could be held up if there are
plausible arguments that this criterion has not been given appropriate
consideration, and I see nothing wrong with that.
Sure. But now you've actually rung in another problem with the draft. Most
participants in the IETF don't know how to address the threat and those who
think they do probably won't agree on either it's nature or the remediation.
We're simply not there yet.
The IETF should take this threat seriously and do what we can when we know what
to do.
Eliot