Re: Eliot's draft-farrell-perpass-attack thread

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



(Top posting to save everyone time)

For whatever it is worth, I find myself in complete agreement
with Dave and with his statement of the issues.  In particular,
if our desire is to make a statement of concern (superficial or
otherwise), we should do that and not wrap it in an
apparently-technical document and/or set of commitments for
which we can be held accountable for not delivering.  If we
actually do want to make commitments for action, this document
is, at best, immature.

The recent "where are the real threats" discussions about https
and the roles of DNSSEC and various types of certification,
including distinctions between data integrity and data quality
for security purposes, reinforce that view.

Personally, I favor the commitments for action but only if they
are associated with a clear understanding and presentation (both
tactical and strategic) of what we reasonably can do
technically.   I don't believe the value of expressions of
concern beyond what was already demonstrated in Vancouver is
sufficient to justify the costs of arriving at consensus on them.

best,
   john


--On Wednesday, December 11, 2013 09:15 -0800 Dave Crocker
<dhc@xxxxxxxxxxxx> wrote:

> On 12/9/2013 5:28 AM, Stephen Farrell wrote:
>> 
>>  The question essentially
>> is how to cater for network management. I think the
>> current text is fine, Eliot doesn't,
> 
 
> The IETF has been bitten by the privacy-protection bug, which
> is prompting extensive, serious activity on the topic.  That's
> excellent, of course.  However the community is responding
> with a sense of urgency about issuing policy statements that I
> believe is precipitous.
> 
> Policy statements need to represent more than a simple
> assertion of a desire or goal.  They need to consider
> implications, carefully and relatively thoroughly.  It's also
> best if the statements are written with some attention to
> likely misinterpretation.  (For example, the current draft is
> careful to explain its distinctive use of the word 'attack';
> while some readers will persist in misinterpreting the use, at
> least the document makes itself clear.)
>...

> In other words, the community needs to take on a work item to
> offer comments on the likely application of this draft to
> technical efforts in the IETF, so that we can develop some
> understanding of how the document will be useful (and how it
> might be revised to avoid difficulties...)
> 
> At that point, the document will represent a degree of
> substantive, strategic technical thinking by the community,
> rather than a more wistful and frankly superficial expression
> of concern.







[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]