On Mon, Jan 13, 2014 at 2:28 PM, Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote: > In particular, architectural decisions, including which existing > technology is re-used, significantly impact the vulnerability of > a protocol to pervasive monitoring. For example, if a protocol > uses DNS to store information, then a passive attacker can observe > the queries made to the DNS. Those developing IETF specifications > therefore need to consider mitigating pervasive monitoring when > making these architectural decisions and be prepared to justify > their decisions. Getting adequate, early review of architectural > decisions including whether appropriate mitigation of pervasive > monitoring can be made is important. Revisiting these architectural > decisions late in the process is very costly. Not bad. FYI what got me started on privacy was when ILNP said "Mobility? No problem, just keep your location updated in DNS". This all looks good to me except for grammar in the first sentence: "including which existing technology is re-used". Do you mean "including decisions on which existing technology to re-use"? "including decisions where existing technology is re-used"? Thanks ... Scott