On Sat, Dec 14, 2013 at 7:23 AM, Jari Arkko <jari.arkko@xxxxxxxxx> wrote: >> In my opinion, that is PRECISELY what needs to happen. WGs should "show >> their work" that they have conscientiously considered the matter of >> pervasive monitoring. A more generalized form of the above text in the >> document would be very helpful. > > Yes - this is what I had in mind as well. Some text about this would be useful in my opinion, too. > > And Stephen comes up with a suggestion: > >> Working groups and other sources of IETF specifications >> need to be able to describe how they have considered >> pervasive monitoring, and if the attack is relevant to >> their work, to be able to justify related design >> decisions. >> >> This does not mean that a new "pervasive monitoring >> considerations" is required in Internet-drafts or >> other documentation - it simply means that, if asked, >> there needs to be a good answer to the question "is >> pervasive monitoring relevant to this work and if so >> how has it been addressed?" > > > This would work for me. > > Jari In that first paragraph, I would prefer to say "privacy" rather than "pervasive monitoring". Vulnerability to pervasive monitoring is just one way in which privacy problems show themselves. It shouldn't be the only angle from which the problems are viewed. Scott