Yes. I thought that would be the NEXT step after this draft. But let's not
skip this one. The next will take a bit of time, so let's publish this one
so the world can see our position. Once the next one is done it can
incorporate this one and obsolete it.
Scott
On Jan 4, 2014 2:15 PM, "Stewart Bryant (stbryant)"
<stbryant(_at_)cisco(_dot_)com>
wrote:
Sent from my iPad
On 4 Jan 2014, at 16:01, "Stephen Farrell"
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
wrote:
On 01/03/2014 08:36 PM, Stewart Bryant (stbryant) wrote:
I have been wondering whether a simple update to "A Guide to Writing
A Security Considerations Section" is all that is needed to address
the problem in hand?
After a bit of offlist mail with Stewart, it turns out I had
misinterpreted the above.
I now believe (haven't quite confirmed, but its a fine idea
anyway so worth raising here) that what Stewart meant was
not to open up 3552 and add this text, (which'd take years) but
rather to make the RFC resulting from this draft be just another
part of BCP72 (aka RFC 3552).
Yes, that is what I meant. An RFC that says updates RFC3552 in
the top left corner, and provides advise on this security issue in
the same manner and style that RFC3552 deals with all the other
important security issues.
- Stewart
(In case folks don't know, BCPs can be made up of multiple RFCs,
e.g. BCP 10 [1] is like that.)
I think that's quite an interesting idea, and would probably only
require adding a sentence or two to relate this text to that in 3552
(which is currently all of BCP72). I'd certainly have no problem
were that the outcome.
I guess that just might help folks with concerns that as a new BCP
this might be over zealously applied.
But I'm not sure - would that in fact help anyone with such concerns?
Cheers,
S.
PS: This might make suggest a fine longer term plan to work on a
broader revision of BCP72 as we better appreciate privacy concerns
in general and pervasive monitoring.
[1] http://tools.ietf.org/html/bcp10
Stewart
Sent from my iPad
On 3 Jan 2014, at 19:00, "Melinda Shore"
<melinda(_dot_)shore(_at_)gmail(_dot_)com>
wrote:
On 1/3/14 8:33 AM, Eric Rosen wrote: One has to look at the
likely impact of the draft, not merely at the intentions of the
authors.
I don't know if I'd use "likely" here but I definitely think the
IETF should be somewhat more thoughtful about "possible."
I've been trying to figure out if there's a way forward that
doesn't involve bulldozing the dissenters. Personally, I'd be fine
with publishing it as informational or experimental, or if the
document provided a lot more clarity about the basis for review
(along the lines of 3552).
Melinda