Re: Agenda, security, and monitoring

On 2/2/2014 4:44 PM, Pete Resnick wrote:
> I suspect Ted might be right and this is simply an integration problem.
> I'm not sure whether Dave agrees or disagrees with me on this, but I
> think we've got the tools in our toolbox already:

I don't know either.  Depending upon the specific service goals, it 
probably is more than 'integration', which is why I harp on 'usability'.
But some service goals well might make for simplified usability demands.

Some other recent postings are also noting that these sorts of issues 
depend heavily on the specific protections that are sought.  Absent very 
specific statements about the nature of PM threats a given technique is 
intended to protect against (and is explicitly /not/ intended to protect 
against), along with some indication of community support for such 
protections and exposures, we are just doing a random walk through 
solution space.  Random walks produce random results.
If end users are a factor in a solution, then the real-world of 
mass-market user constraints is a factor.  There is an extensive body of 
knowledge about such users and any proposal needs to pay attention to 
that body.  A place to start is by excluding all IETF participants from 
examples.  Another place to start is by distinguishing reasonable 
behavioral expectations for configuration-time actions, versus 
creation-time, versus posting-time.  They are massively different 
operating contexts.
So:  Define the exact anti-PM service to be sought, define the actors 
needed to implement, and then get community agreement that it's an 
important goal to work towards.  Then we can discuss whether it's 
integration or usability or...
d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net