And when you can answer those three points, you'll have a BCP.
Until then, this is informational.
Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Dave Crocker
[dhc(_at_)dcrocker(_dot_)net]
Sent: 20 January 2014 00:56
To: Christian Huitema; Eliot Lear; Jari Arkko
Cc: IETF discussion list
Subject: Re: Gen-Art telechat review of draft-farrell-perpass-attack-04
On 1/19/2014 4:48 PM, Christian Huitema wrote:
It would be interesting to list the specific patterns that are most
likely to trigger the “bad because of PM” comments, and to develop
secure alternatives. From what I see, there seems to be two big
offenders, logs and configuration. So maybe we should develop a simple
way to anonymize logs, and a secure way to get configuration data…
What an excellent point. It highlights something we probably should
pursue explicitly and aggressively:
1. Working on learning how to analyze PM concerns in specifications
2. Learning how to formulate PM defenses in designs
3. Diligently documenting what we learn
That is, we need to treat this topic as something we are all still
developing an understanding of -- both the problem and its mitigation --
and therefore need to collaborate on.
Methinks these are two wikis we need...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net