ietf
[Top] [All Lists]

Re: Security for various IETF services

2014-04-06 17:12:18


On 04/06/2014 08:27 PM, Dick Franks wrote:
On 5 April 2014 14:40, <l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk> wrote:

"I didn't see anything that stood out. Are you referring to his why
question?  Really?  It seems others answered why."

they did not.

Other noises off-stage are rrelevant

The author(s) of the proposal MUST provide the threat model for each
service and a reasoned argument why the proposed action mitigates the
identified threat or threats.

Engineering best practice demands no less.

I disagree. Asking for a threat model seems odd, since the
proposed IESG statement isn't specific to a particular service
and absent that you can't sensibly construct a threat model I
think.

Transparent decision process demands no less.

I have no idea what's apparently opaque.

Ignoring Lloyd Wood's question is not an option.

LLoyd's questions were answered IMO.

S..





Dick Franks