On Mon, Jan 06, 2025 at 12:45:08AM -0500, John C Klensin wrote:
>
> Up to a point, yes. But we at least then don't need to try to
> overcome years of history and knowledge about what words mean
> everywhere else.

This is why I tend to be rather suspicious of proposals to rename terms, whether it is "Historic" or "MITM". I will note that in most cases, the details of what is meant are really important for an actor to decide what to do, whether we use a single term, such as "Historic", or "IETFStatusCategory[1234]". And this is assuming that the actor is going to pay attention to the label that we slap on an RFC.

Similarly, for MITM, unless the goal is to avoid the gendered term "Man", I really don't think it's worth it to try to change MITM to "Active On-path Attacker". For people who are security specialists, the details of whether the attacker is impersonating one side of the connection, or replaying a previously sent packet, or impersonating side of the attacker is probably not enough; they will need to look at the details of the attack. For people who are not security specialists, they should either (a) upgrade to the latest version of the software, or (b) use canned security libraries which provide confidentiality and integrity protection.

The bottom line is we need to ask the question of whether the benefits are larger than the costs of making terminology changes, and in my opinion for both of these cases, the answer is "no".

Cheers,

- Ted