Dave,
On 06.09.2013 18:58, Dave Crocker wrote:
On 9/6/2013 8:34 AM, Stephane Bortzmeyer wrote:
On Fri, Sep 06, 2013 at 08:20:17AM -0700,
Dave Crocker <dhc@xxxxxxxxxxxx> wrote
a message of 21 lines which said:
We currently do not have a concise catalog the basic 'privacy'
threats and their typical mitigations, appropriate for concern with
IETF protocols.
What about RFC 6973?
It certainly provides useful background. As such, it's an excellent
starting point for the topic.
However it is not concise nor does it offer threat templates nor design
templates.
The document actually contains a list of common threats that we found
applicable in the Internet protocol standardization context.
The design template is essentially the questions listed in the
guidelines section.
Unfortunately, like in security the story is not that easy that you can
give simple recommendation. As a protocol designer, you unfortunately
have to think a bit.
It also doesn't define privacy...
It does define privacy but not in a single sentence.
Ciao
Hannes
d/