On 04/06/2014 08:27 PM, Dick Franks wrote:
On 5 April 2014 14:40, <l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk> wrote:
"I didn't see anything that stood out. Are you referring to his why
question? Really? It seems others answered why."
they did not.
Other noises off-stage are rrelevant
The author(s) of the proposal MUST provide the threat model for each
service and a reasoned argument why the proposed action mitigates the
identified threat or threats.
Engineering best practice demands no less.
I disagree. Asking for a threat model seems odd, since the
proposed IESG statement isn't specific to a particular service
and absent that you can't sensibly construct a threat model I
think.
Transparent decision process demands no less.
I have no idea what's apparently opaque.
Ignoring Lloyd Wood's question is not an option.
LLoyd's questions were answered IMO.
S..
Dick Franks