
Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2014-01-04 01:09:15
Here is my "paraphrase" or "interpretation:"

    Please remember to do your homework when it comes to ethical and
    societal design considerations, if any. Authors SHOULD ALWAYS
    be prepared to answer any questions related to such design
    considerations.

I think the problem is the lack of a section or "checklist" that one should be considering - ALWAYS. The RFC templates should have a section with a baseline description:

    The author(s) of this document does not believe there are "pervasive
    monitoring" related attacks [RFCXXXX] in this specification.

Having this in the templates is a form of a "checklist" not only the authors cannot avoid, but also reviewers. At the end of the day, we don't want any possible considerations to "fall through" the proverbial "cracks." Reviewers, participants, implementers need to be able to put the authors to the task to do their homework.

Ideally, "ethical IETF engineers" don't need these types of reminders, but it helps to have a "checklist."

My "Opinion"


On 1/3/2014 8:19 PM, Stephen Farrell wrote:



On 01/04/2014 01:10 AM, Bjoern Hoehrmann wrote:
* Stephen Farrell wrote:
On 01/04/2014 12:45 AM, l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk wrote:
"Please include a full explanation of how pervasive monitoring is
mitigated in this protocol. If this protocol is not fully
cryptographically secure to defeat  pervasive monitoring, explain why
not."

What are you quoting? That text is *not* part of the
draft, nor do I recall it being sent to the list by
anyone.

Surely inventing quotes is not fair game here?

The quote marks indicate that the text is a paraphrase; Lloyd Wood
restates the meaning, or a possible interpretation, of the text, likely
to illustrate a problem with the text. This is a common discourse
technique and should be entirely obvious; nothing unfair about it.

If it does not reflect the intended meaning of the text, then there are
various ways to make that very explicit in the text, for instance, it
could literally say that "full explanation of how pervasive monitoring
is mitigated" is not expected or required. Then it should be obvious
that the above is not a permissible paraphrase.

The text (I hate to bring it up, seems almost unfashionable;-),
says:

    Those developing IETF specifications need to be able to describe how
    they have considered pervasive monitoring, and, if the attack is
    relevant to the work to be published, be able to justify related
    design decisions.  This does not mean a new "pervasive monitoring
    considerations" section is needed in IETF documentation.  It means
    that, if asked, there needs to be a good answer to the question "is
    pervasive monitoring relevant to this work and if so how has it been
    addressed?"

Lloyd's "paraphrase" is entirely unlike the actual text. His
quote marks are, like his argument, entirely bogus. (And not
even funny, which is often a redeeming quality of Lloyd's
posts:-) Given that there seems to be a trend to ignore the
actual text, and that I've already commented on that, I
think yes, his supposed quote is out of order. Perhaps you
don't, and that's fine, but I do.

S.






--
HLS

