Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here is my "paraphrase" or "interpretation:"

    Please remember to do your homework when it comes to ethical and
    societal design considerations, if any. Authors SHOULD ALWAYS
    be prepared to answer any questions related to such design
    considerations.

I think the problem is the lack of a section or "checklist" that one should be considering - ALWAYS. The RFC templates should be a section with a baseline description:

    The author(s) of this document does not believe there are "pervasive
    monitoring" related attacks [RFCXXXX] in this specification.

Having this in the templates is a form of a "checklist" not only the authors can not avoid, but also reviewers. At the end of the day, we don't want any possible considerations to "fall through" the proverbial "cracks." Reviewers, participants, implementers need to be able to put the authors to the task to do their homework.

Ideally, "ethical IETF engineers" don't need these type of reminders, but it helps to have a "checklist."

My "Opinion"


On 1/3/2014 8:19 PM, Stephen Farrell wrote:



On 01/04/2014 01:10 AM, Bjoern Hoehrmann wrote:
* Stephen Farrell wrote:
On 01/04/2014 12:45 AM, l.wood@xxxxxxxxxxxx wrote:
"Please include a full explanation of how pervasive monitoring is
mitigated in this protocol. If this protocol is not fully
cryptographically secure to defeat  pervasive monitoring, explain why
not."

What are you quoting? That text is *not* part of the
draft, nor do I recall it being sent to the list by
anyone.

Surely inventing quotes is not fair game here?

The quote marks indicate that the text is a paraphrase; Lloyd Wood re-
states the meaning, or a possible interpretation, of the text, likely
to illustrate a problem with the text. This is a common discourse tech-
nique and should be entirely obvious; nothing unfair about it.

If it does not reflect the intended meaning of the text, then there are
various ways to make that very explicit in the text, for instance, it
could literally say that "full explanation of how pervasive monitoring
is mitigated" is not expected or required. Then it should be obvious
that the above is not a permissable paraphrase.

The text (I hate to bring it up, seems almost unfashionable;-),
says:

    Those developing IETF specifications need to be able to describe how
    they have considered pervasive monitoring, and, if the attack is
    relevant to the work to be published, be able to justify related
    design decisions.  This does not mean a new "pervasive monitoring
    considerations" section is needed in IETF documentation.  It means
    that, if asked, there needs to be a good answer to the question "is
    pervasive monitoring relevant to this work and if so how has it been
    addressed?"

Lloyd's "paraphrase" is entirely unlike the actual text. His
quote marks, are, like his argument, entirely bogus. (And not
even funny, which is often a redeeming quality of Lloyd's
posts:-) Given that there seems to be a trend to ignore the
actual text, and that that I've already commented on that, I
think yes, his supposed quote is out of order. Perhaps you
don't, and that's fine, but I do.

S.






--
HLS






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]