"Jari" == Jari Arkko <jari(_dot_)arkko(_at_)ericsson(_dot_)com> writes:
Jari> Sam, FWIW my view is pretty much what Dave and Scott noted. I
Jari> don't think the change weakens the draft's message: We'll take
Jari> the issue seriously.
I disagree for the following reasons.
When we remove text saying that WGs need to be able to justify their
decisions, we're saying that we do not have consensus on that statement.
If we do not have agreement that WGs should be able to justify their
choices with regard to perpass mitigation, then I think that we are not
actually going to do what is necessary to approach the issue.
Here are concrete examples of what I expect to be able to do:
* I should be able to ask NVO3 to explain why they chose an architecture
that either does or does not support encryption of data plane traffic
while reviewing that architecture.
* If we were doing DDS/NAPTR work today I should be able to ask whether
confidentiality is a requirement and if so why DNS is an appropriate
substrate.
* If the working group I chair (kitten) were to actually work on an
administration protocol to manifest our information model for
Kerberos, I should be able to ask about privacy implications of that
protocol and whether Kerberos is an appropriate substrate.
To me, by removing text that WGs need to be able to justify these sorts
of decisions we're saying that we don't have consensus that such
questions would need to be justified during a review.
If you think those are reasonable, then I'd strongly prefer to spend the
time to figure out what we actually mean. Come up with text that makes
it sure that such questions are reasonable while ruling out the things
people are worried about.
If we do not think that WGs should be required to justify these
positions, then I strongly object to a claim that we have chosen to
mitigate perpass attacks because I believe that claim is meaningless
without actually being able to get WGs to justify these decisions while
doing architectural review.