Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 3, 2014 at 11:34 AM, Eric Rosen <erosen@xxxxxxxxx> wrote:
> Let's face it, the draft is nothing but a political manifesto, and the IETF
> has no business even considering it.

If so, what politics? If you look closely at the draft and not so much
at what people are assuming about it, it is straightforward: pervasive
monitoring, for whatever cause, is indistinguishable from an attack;
the ease of such attacks is increasing; the IETF is behind the curve;
so we're going to do more to make it possible to resist such attacks.

Is there something in that that you disagree with?

> It is also clear from this discussion
> that there is no consensus, even rough consensus, in favor.

The problem with consensus is that people thought this draft either
should recommend specific actions, or was recommending specific
actions. Either would be wrong - the specific actions need to be
considered in specific contexts. I hope that has been made clear by
discussion.

> Note the tone taken by proponents of the draft.  It has been suggested that
> critics are at best wasting everyone's time, and at worst unethical.

There's a great deal of noise and confusion. Ignore statements that
you know are just wrong unless they come from those behind the draft,
as opposed to those claiming to represent their views (like me) or
those just commenting on it.

> When
> it is pointed out that one cannot determine from the draft what the actual
> impact on IETF process is, the proponents yell "there's no time to consider
> the details, Rome is burning, we can't afford the time to listen to people
> who disagree with us".  The claim that we have to act immediately, even
> though we don't know what we need to do, is particularly ridiculous.  This
> is all typical political discourse: ratchet up the volume of the sound
> bites, claim the support of a "silent majority", and yell that the
> dissenters are bad people who shouldn't be listened to.  This should not be
> considered to be an acceptable mode of discourse in the IETF.

I didn't see any of that from people who are actually responsible for the draft.

> Well, here's a particularly egregious example of poor reasoning:  "since it
> is already possible for the Security ADs to abuse their power, giving them
> more tools and more excuses for doing so will have no effect."  An obvious
> non-sequitur, but a good sound bite.

Yes, that was too casual.

Personally, I don't think making a general statement about pervasive
monitoring is going to give ADs any more power than they have now.
Think about when Jeff Schiller was AD and how he used the power of the
security audit (aside: I thought it was a good thing), and think about
how the flow is now. No powers have been taken away and yet somehow we
have a balance, and our protocols are better for the security
considerations. In terms of drafts you might produce, this is another
(major) facet to be considered, it's not granting a new power.

Scott




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]