Gee, you don't need a threat analysis when you're going to protect against
EVERYTHING!
That's SECURITY!
Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Dick Franks
[rwfranks(_at_)acm(_dot_)org]
Sent: 09 April 2014 01:02
To: t.p.
Cc: IETF-Discussion
Subject: Re: Security for various IETF services
On 8 April 2014 09:32, t.p.
<daedulus(_at_)btconnect(_dot_)com<mailto:daedulus(_at_)btconnect(_dot_)com>>
wrote:
The path that I have seen several Security ADs steer Working Groups down
is to start with a threat analysis before deciding what counter measures
are appropriate.
Several contributors have been saying exactly that for almost a week.
These suggestions have been answered by dismissive emails and a relentless
bombardment of magic pixie dust.