"Please include a full explanation of how pervasive monitoring is mitigated in
this protocol. If this protocol is not fully cryptographically secure to defeat
pervasive monitoring, explain why not."
Yeah, that gives complete design control to the security AD.
Which problem is being addressed, exactly?
Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Stewart Bryant
(stbryant) [stbryant(_at_)cisco(_dot_)com]
Sent: 03 January 2014 20:36
To: Melinda Shore
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive
Monitoring is an Attack) to Best Current Practice
I have been wondering whether a simple update to "A Guide to Writing A Security
Considerations Section" is all that is needed to address the problem in hand?
Stewart
Sent from my iPad
On 3 Jan 2014, at 19:00, "Melinda Shore"
<melinda(_dot_)shore(_at_)gmail(_dot_)com> wrote:
On 1/3/14 8:33 AM, Eric Rosen wrote:
One has to look at the likely impact of the draft, not merely at the
intentions of the authors.
I don't know if I'd use "likely" here but I definitely think
the IETF should be somewhat more thoughtful about "possible."
I've been trying to figure out if there's a way forward that
doesn't involve bulldozing the dissenters. Personally, I'd be
fine with publishing it as informational or experimental, or
if the document provided a lot more clarity about the basis for
review (along the lines of 3552).
Melinda