Stephen,
Stephen
I am responding to Stewart's suggestion with a suggestion of the likely added
text to the Guide he suggests a "simple update" to. Which would go beyond the
'think about monitoring' to 'explicitly write up how monitoring is handled' on
the way to full security protocol emphasis. Which is what doomed work in DTNRG
and made it irrelevant to its problem space, by the way.
I quoted stewart's email is full below before responding to it. That is the
usual thing to do. I hope this helps with reading comprehension.
Before you check, "simple update" is not in your draft either.
I don't think pushing policy through rapidly here is fair game either.
Lloyd Wood
http://about.me/lloydwood
________________________________________
From: Stephen Farrell [stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie]
Sent: 04 January 2014 00:53
To: Wood L Dr (Electronic Eng); stbryant(_at_)cisco(_dot_)com;
melinda(_dot_)shore(_at_)gmail(_dot_)com
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive
Monitoring is an Attack) to Best Current Practice
Lloyd,
On 01/04/2014 12:45 AM, l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk wrote:
"Please include a full explanation of how pervasive monitoring is
mitigated in this protocol. If this protocol is not fully
cryptographically secure to defeat pervasive monitoring, explain why
not."
What are you quoting? That text is *not* part of the
draft, nor do I recall it being sent to the list by
anyone.
Surely inventing quotes is not fair game here?
S.
Yeah, that gives complete design control to the security AD.
Which problem is being addressed, exactly?
Lloyd Wood http://about.me/lloydwood
________________________________________ From: ietf
[ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Stewart Bryant (stbryant)
[stbryant(_at_)cisco(_dot_)com] Sent: 03 January 2014 20:36 To: Melinda Shore
Cc: ietf(_at_)ietf(_dot_)org Subject: Re: Last Call:
<draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an
Attack) to Best Current Practice
I have been wondering whether a simple update to "A Guide to Writing
A Security Considerations Section" is all that is needed to address
the problem in hand?
Stewart
Sent from my iPad
On 3 Jan 2014, at 19:00, "Melinda Shore"
<melinda(_dot_)shore(_at_)gmail(_dot_)com>
wrote:
On 1/3/14 8:33 AM, Eric Rosen wrote: One has to look at the
likely impact of the draft, not merely at the intentions of the
authors.
I don't know if I'd use "likely" here but I definitely think the
IETF should be somewhat more thoughtful about "possible."
I've been trying to figure out if there's a way forward that
doesn't involve bulldozing the dissenters. Personally, I'd be fine
with publishing it as informational or experimental, or if the
document provided a lot more clarity about the basis for review
(along the lines of 3552).
Melinda