
Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-12 04:43:02
On 11/12/2013 15:07, Scott Brim wrote:
> Regarding "where possible", since every situation is different, I do
> not think the IETF should try to find a balance, or say anything
> universal about deployment. There is no position that will work for
> everyone.  The IETF should absolutely try to make privacy/security a
> _possibility_, and that's why every effort should offer the
> _possibility_ of mitigation.  That's as far as we should go.

I would like to explore this a bit more if I may.

RFC3552 says we must describe

      1.   which attacks are out of scope (and why!)
      2.   which attacks are in-scope
      2.1  and the protocol is susceptible to
      2.2  and the protocol protects against

Now consider the attack that caused us to start this work programme
and think about RFC791. Would that pass security review against
the new hurdles?

I think that the answer to 2.1 is: This protocol is susceptible to a
metadata harvesting attack of the protocol, and moreover it
provides an essential clue in analyzing the payload. It also
provides essential clues in determining the topology of the
network to an observer and thus making other network
elements vulnerable to attack.

So would RFC791 be accepted for publication with its vulnerability
to a pervasive monitoring attack?

- Stewart


