> I don't think it's a problem that a draft gets adopted as a WG item that is
> incomplete in a variety of ways, including security considerations.
>
> Let's not continue the trend to having a WG design team prior to having a WG.

perpass is not a WG, and draft-farrell-perpass-attack is not an adopted WG item.

I mean, it's incomplete, and it's circumventing what process we have.

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces@xxxxxxxx] On Behalf Of Michael Richardson [mcr@xxxxxxxxxxxx]
Sent: 02 January 2014 05:02
To: IETF Discussion
Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

Melinda Shore <melinda.shore@xxxxxxxxx> wrote:
>>> I'm sorry, but when we get to the point where we need to point to an
>>> RFC to stop progress on a document that has obvious vulnerabilities,
>>> our brains have fallen out.
>>
>> This is counterfactual. We used to routinely handwave about security.

> We still routinely handwave about security. It's an afterthought in
> entirely too many cases. Drafts are adopted by working groups while
> still having security considerations sections that consist in their
> entirety of "TBD." 3552's impacts have been, I think, on how documents
> are reviewed more than on how documents are developed.

I don't disagree that we still handwave.
I want to address the second part of the above statement.

I don't think it's a problem that a draft gets adopted as a WG item that is
incomplete in a variety of ways, including security considerations.

Let's not continue the trend to having a WG design team prior to having a WG.

One of the *KEY* things that a too well baked draft coming in to a WG messes
up is fixing the security issues; from ambiguous and arbitrarily different
encodings, to assumptions about what "Use IPsec" might mean.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [