On Mon, Jan 06, 2025 at 01:02:22PM -0500, Michael Richardson wrote: > > Theodore Ts'o <tytso@xxxxxxx> wrote: > > Similarly, for MITM, unless the goal is to avoid the gendered term > > "Man", I really don't think it's worth it to try to change MITM to > > "Active On-path Attacker". For people who are security specialists, > > the details of whether the attacker is impersonating one side of the > > connection, or replaying a previously sent packet, or impersonating > > side of the attacker is probably not enough; they will need to look at > > the details of the attack. For people who are not security > > specialists, they should either (a) upgrade to the latest version of > > the software, or (b) use canned security libraries which provide > > confidentiality and integrity protection. > > For those who wonder about this comment that seems to be a non-sequitor, please see: > https://mailarchive.ietf.org/arch/msg/saag/GSi83LeAbPSkcFcUsqJgmqECI8E/ Sorry, when I was going through my e-mail, I rolled my eyes and deleted the thread from SAAG as being (IMHO) an amazingly pointless waste of time, so I didn't bother replying. When I saw another proposal where people were spending a lot of time arguing about a global search and replace of one set of terms for another on the IETF list, I didn't realize that the two threads were on different threads, and so I replied to the second thread mentioning the MITM debate on the saag list. As I concluded from the other thread: > The bottom line is we need to ask the question of whether the benefits > are larger than the costs of making terminology changes, and in my > opinion for both of these cases, the answer is "no". Cheers, - Ted
