Stephen, Stephen I am responding to Stewart's suggestion with a suggestion of the likely added text to the Guide he suggests a "simple update" to. Which would go beyond the 'think about monitoring' to 'explicitly write up how monitoring is handled' on the way to full security protocol emphasis. Which is what doomed work in DTNRG and made it irrelevant to its problem space, by the way. I quoted stewart's email is full below before responding to it. That is the usual thing to do. I hope this helps with reading comprehension. Before you check, "simple update" is not in your draft either. I don't think pushing policy through rapidly here is fair game either. Lloyd Wood http://about.me/lloydwood ________________________________________ From: Stephen Farrell [stephen.farrell@xxxxxxxxx] Sent: 04 January 2014 00:53 To: Wood L Dr (Electronic Eng); stbryant@xxxxxxxxx; melinda.shore@xxxxxxxxx Cc: ietf@xxxxxxxx Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice Lloyd, On 01/04/2014 12:45 AM, l.wood@xxxxxxxxxxxx wrote: > "Please include a full explanation of how pervasive monitoring is > mitigated in this protocol. If this protocol is not fully > cryptographically secure to defeat pervasive monitoring, explain why > not." What are you quoting? That text is *not* part of the draft, nor do I recall it being sent to the list by anyone. Surely inventing quotes is not fair game here? S. > > Yeah, that gives complete design control to the security AD. > > Which problem is being addressed, exactly? > > Lloyd Wood http://about.me/lloydwood > ________________________________________ From: ietf > [ietf-bounces@xxxxxxxx] On Behalf Of Stewart Bryant (stbryant) > [stbryant@xxxxxxxxx] Sent: 03 January 2014 20:36 To: Melinda Shore > Cc: ietf@xxxxxxxx Subject: Re: Last Call: > <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an > Attack) to Best Current Practice > > I have been wondering whether a simple update to "A Guide to Writing > A Security Considerations Section" is all that is needed to address > the problem in hand? > > Stewart > > Sent from my iPad > >> On 3 Jan 2014, at 19:00, "Melinda Shore" <melinda.shore@xxxxxxxxx> >> wrote: >> >>> On 1/3/14 8:33 AM, Eric Rosen wrote: One has to look at the >>> likely impact of the draft, not merely at the intentions of the >>> authors. >> >> I don't know if I'd use "likely" here but I definitely think the >> IETF should be somewhat more thoughtful about "possible." >> >> I've been trying to figure out if there's a way forward that >> doesn't involve bulldozing the dissenters. Personally, I'd be fine >> with publishing it as informational or experimental, or if the >> document provided a lot more clarity about the basis for review >> (along the lines of 3552). >> >> Melinda >> > >