Re: Security for various IETF services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 04/06/2014 08:27 PM, Dick Franks wrote:
> On 5 April 2014 14:40, <l.wood@xxxxxxxxxxxx> wrote:
> 
>> "I didn't see anything that stood out. Are you referring to his why
>> question?  Really?  It seems others answered why."
>>
>> they did not.
>>
>> Other noises off-stage are rrelevant
> 
> The author(s) of the proposal MUST provide the threat model for each
> service and a reasoned argument why the proposed action mitigates the
> identified threat or threats.
> 
> Engineering best practice demands no less.

I disagree. Asking for a threat model seems odd, since the
proposed IESG statement isn't specific to a particular service
and absent that you can't sensibly construct a threat model I
think.

> Transparent decision process demands no less.

I have no idea what's apparently opaque.

> Ignoring Lloyd Wood's question is not an option.

LLoyd's questions were answered IMO.

S..



> 
> 
> Dick Franks
> 





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]