
Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-07-30 10:09:03
On Mon, Jul 28, 2014 at 11:04:50PM +0100, ianG wrote:

> Having re-read the responses I think the term that comes closest is
> "all-or-nothing".  But even that doesn't seem to capture all of it,
> because "all" isn't what they achieve, they are quite conscious of
> ignoring certain threats such as tracking or DOS.
>
> Perhaps "high bar" security or "fixed bar" security?  The flaw with much
> work in the past is that the bar was set high, and those who failed to
> leap it were knocked back.  So they walked around.

I like "all or nothing"; "all" here is sensibly read as "everything
implemented", not "everything possible".  Thus simply a binary choice.

However, in trying to work this into the text I am finding that it
becomes more verbose, and spends too much time on inessential
details.  Perhaps this is just failure to craft the right text on
my part, but I am having a hard time actually improving the text
overall, even though "all or nothing" is perhaps better than "strong".

There is a tension here between a quick informal description of existing
practice, that should be clear to most, with a clear focus on the new
model, and a more accurate/detailed description of past practice, that
might detract from the focus of the document.

Is anyone willing to take the time to carefully update the Introduction
to find the sweet spot between the current cursory nod to the past on
one extreme, and potentially an overly elaborate detour on the other?

I tried a couple of times, but have not yet succeeded.  Writer's
block and shortage of cycles perhaps...

I think that if we change nothing, though the document could likely
be improved, that the improvements are inessential.  Perhaps we
can leave well enough alone?

-- 
        Viktor.