> The group I had in mind was HTTPBIS. > > Here is a snipit from a message from Mark Nottingham who is chair of the > HTTPBIS working group today: > >> The wild card in all of this is draft-farrell-perpass-attack. If that document gains IETF consensus, we'll need to demonstrate that we've at least considered pervasive monitoring as a threat, and can explain why we have taken the approach we have. > > In my opinion, that is PRECISELY what needs to happen. WGs should "show > their work" that they have conscientiously considered the matter of > pervasive monitoring. A more generalized form of the above text in the > document would be very helpful. Yes - this is what I had in mind as well. Some text about this would be useful in my opinion, too. And Stephen comes up with a suggestion: > Working groups and other sources of IETF specifications > need to be able to describe how they have considered > pervasive monitoring, and if the attack is relevant to > their work, to be able to justify related design > decisions. > > This does not mean that a new "pervasive monitoring > considerations" is required in Internet-drafts or > other documentation - it simply means that, if asked, > there needs to be a good answer to the question "is > pervasive monitoring relevant to this work and if so > how has it been addressed?" This would work for me. Jari