Hi Eliot,

On 12/13/2013 12:34 PM, Eliot Lear wrote:
> An update.
>
> I wrote:
>
>> Well actually there is confusion about this, which is in part why
>> there is a debate. We've already seen one working group chair
>> expecting the IESG to take actions on documents based on this
>> statement of principle. And so some care is therefore required.
>
> The group I had in mind was HTTPBIS.
>
> Here is a snippet from a message from Mark Nottingham who is chair of
> the HTTPBIS working group today:
>
>> The wild card in all of this is draft-farrell-perpass-attack. If
>> that document gains IETF consensus, we'll need to demonstrate that
>> we've at least considered pervasive monitoring as a threat, and can
>> explain why we have taken the approach we have.
>
> In my opinion, that is PRECISELY what needs to happen. WGs should
> "show their work" that they have conscientiously considered the
> matter of pervasive monitoring. A more generalized form of the above
> text in the document would be very helpful.

I've no problem with that, since I agree Mark's mail captures
what we do want to happen as a result of this BCP. (I also
thought his first mail did, but whatever.)

Anyway, how's this for a suggestion, say placed somewhere near
the end of section 2:

   Working groups and other sources of IETF specifications need
   to be able to describe how they have considered pervasive
   monitoring, and if the attack is relevant to their work, to be
   able to justify related design decisions. This does not mean
   that a new "pervasive monitoring considerations" is required in
   Internet-drafts or other documentation - it simply means that,
   if asked, there needs to be a good answer to the question "is
   pervasive monitoring relevant to this work and if so how has it
   been addressed?"

I don't think we want to force everyone to write up why
pervasive monitoring is or isn't relevant to their work
but getting a good answer if the question is asked should
be the expectation. That could be in meeting minutes, mail
discussions or in drafts or writeups if that's what a WG
wants to do. In other cases it'll be clear that the attack
just isn't relevant at all and the question shouldn't even
be asked, e.g. for many codepoint allocations.

I'd be happy to see better suggested wording as well,

Cheers,
S.

>
> Eliot