
Re: draft-farrell-perpass-attack architecture issue

2014-01-15 10:40:59
"Eliot" == Eliot Lear <lear(_at_)cisco(_dot_)com> writes:

    Eliot> On 1/14/14 8:33 PM, Sam Hartman wrote:

    >>>>>>> "Scott" == Scott Brim <scott(_dot_)brim(_at_)gmail(_dot_)com> writes:
    >> 
    >> I disagree with Eliot: I don't think the general statement is a
    >> truism especially not in a BCP.

    Eliot> To test if it's a truism, replace perpass with anything else
    Eliot> and see what design consideration should be examined late in
    Eliot> the process.



I absolutely agree that general guidance of this form would be valuable
either in some general security BCP that the other security BCPs
reference or restated in the security BCPs.  Its lack in 4107 and BCP 61
is something that causes me problems as a WG chair and caused significant
difficulty for me as an AD.

We're not working on such a BCP now, so I'm trying to add the advice I
need to this BCP in order for it to work for me as a WG chair and
document author.

It's not so much a truism that we all agree to it.  I've definitely
worked with WGs that didn't want to consider these sorts of issues when
choosing technology and didn't seem to agree that they had to.  I do
hope it's enough of a truism that we can agree to say it in a consensus
document.  The idea that we should not say something because we agree
with it confuses me greatly.