> Date: 2005-08-10 15:41 > From: Michael Thomas <thomasm@xxxxxxxxx> > Having a "threat analysis" was brought up at the plenary by Steve > Bellovin as being a Good Thing(tm). [...] > So, if this is going to be yet another hoop that the IESG and IAB > sends working groups through like problem statements, requirements > documents and the like, I think it ought to be incumbent on > those people demanding such things to actually both agree and > document what it is that they are demanding. See FYI 36 (a.k.a. RFC 2828) for the definition of threat analysis. RFC 3552, "Guidelines for Writing RFC Text on Security Considerations", may also be helpful (although it does not use the exact term "threat analysis"). All RFCs must contain a Security Considerations section (RFC 2223, section 9). _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf