> LLoyd's questions were answered IMO. they weren't. Lloyd Wood http://about.me/lloydwood ________________________________________ From: ietf [ietf-bounces@xxxxxxxx] On Behalf Of Stephen Farrell [stephen.farrell@xxxxxxxxx] Sent: 06 April 2014 23:11 To: Dick Franks Cc: IETF Discussion Subject: Re: Security for various IETF services On 04/06/2014 08:27 PM, Dick Franks wrote: > On 5 April 2014 14:40, <l.wood@xxxxxxxxxxxx> wrote: > >> "I didn't see anything that stood out. Are you referring to his why >> question? Really? It seems others answered why." >> >> they did not. >> >> Other noises off-stage are rrelevant > > The author(s) of the proposal MUST provide the threat model for each > service and a reasoned argument why the proposed action mitigates the > identified threat or threats. > > Engineering best practice demands no less. I disagree. Asking for a threat model seems odd, since the proposed IESG statement isn't specific to a particular service and absent that you can't sensibly construct a threat model I think. > Transparent decision process demands no less. I have no idea what's apparently opaque. > Ignoring Lloyd Wood's question is not an option. LLoyd's questions were answered IMO. S.. > > > Dick Franks >