"Please include a full explanation of how pervasive monitoring is mitigated in this protocol. If this protocol is not fully cryptographically secure to defeat pervasive monitoring, explain why not." Yeah, that gives complete design control to the security AD. Which problem is being addressed, exactly? Lloyd Wood http://about.me/lloydwood ________________________________________ From: ietf [ietf-bounces@xxxxxxxx] On Behalf Of Stewart Bryant (stbryant) [stbryant@xxxxxxxxx] Sent: 03 January 2014 20:36 To: Melinda Shore Cc: ietf@xxxxxxxx Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice I have been wondering whether a simple update to "A Guide to Writing A Security Considerations Section" is all that is needed to address the problem in hand? Stewart Sent from my iPad > On 3 Jan 2014, at 19:00, "Melinda Shore" <melinda.shore@xxxxxxxxx> wrote: > >> On 1/3/14 8:33 AM, Eric Rosen wrote: >> One has to look at the likely impact of the draft, not merely at the >> intentions of the authors. > > I don't know if I'd use "likely" here but I definitely think > the IETF should be somewhat more thoughtful about "possible." > > I've been trying to figure out if there's a way forward that > doesn't involve bulldozing the dissenters. Personally, I'd be > fine with publishing it as informational or experimental, or > if the document provided a lot more clarity about the basis for > review (along the lines of 3552). > > Melinda >