On 12/15/2013 10:07 AM, Jari Arkko wrote:
FWIW when I have talked about this issue, I've usually talked about the fact that Internet has a vulnerability for pervasive monitoring and that we need to address that vulnerability just like we do with other vulnerabilities. (To our ability, just like with the other vulnerabilities.) "Threat" would work well for me, too.
+1
Within the IETF, I'm used to hearing security folk talk in terms of
'threats', so the word 'attack' was a bit of a surprise.
It's worth using language that is already common in the IETF, and is as
boringly neutral as we can get away with. (In most of the world, the
word 'threat' wouldn't be considered neutral, of course, but within
technical security discussions, it seems to be.)
As others keep noting, within the IETF, our job is to focus on the
technical issues of this topic. That means we should avoid anything
that excites opportunities for those other issues. They're relevant, of
course, but not in the IETF.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net