
RE: Security for various IETF services

2014-04-06 17:50:53
Lloyd's questions were answered IMO.

they weren't.

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Stephen Farrell [stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie]
Sent: 06 April 2014 23:11
To: Dick Franks
Cc: IETF Discussion
Subject: Re: Security for various IETF services

On 04/06/2014 08:27 PM, Dick Franks wrote:
On 5 April 2014 14:40, <l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk> wrote:

"I didn't see anything that stood out. Are you referring to his why
question?  Really?  It seems others answered why."

they did not.

Other noises off-stage are irrelevant.

The author(s) of the proposal MUST provide the threat model for each
service and a reasoned argument why the proposed action mitigates the
identified threat or threats.

Engineering best practice demands no less.

I disagree. Asking for a threat model seems odd, since the
proposed IESG statement isn't specific to a particular service
and absent that you can't sensibly construct a threat model I
think.

Transparent decision process demands no less.

I have no idea what's apparently opaque.

Ignoring Lloyd Wood's question is not an option.

Lloyd's questions were answered IMO.

S..





Dick Franks