Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stewart,

I have been wondering whether a simple update to "A Guide to Writing A Security Considerations Section" is all that is needed to address the problem in hand?

Stewart
Good question.

RFC 3552 contains a threat model, and we need to update that threat model.
The I-D just released by Richard Barnes et al. seems to addressing that.
If we were to combine a new threat model, which explicitly accounts
for PM, with updated security considerations guidance, then I think we would
have what Stephen's doc alludes to at the end, i.e., guidance to RFC authors
on what we now consider to be the threat environment, and what we believe
needs to be done, vis-a-vis topics address in each security-relevant RFC.

That may argue for Stephen's doc being Informational, maybe even transient,
as the real focus is on what we will do in response to declaring PM a
serious concern.

Steve




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]