Re: Security for various IETF services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/04/2014 23:11, Stephen Farrell wrote:

On 04/06/2014 08:27 PM, Dick Franks wrote:
On 5 April 2014 14:40, <l.wood@xxxxxxxxxxxx> wrote:

"I didn't see anything that stood out. Are you referring to his why
question?  Really?  It seems others answered why."

they did not.

Other noises off-stage are rrelevant
The author(s) of the proposal MUST provide the threat model for each
service and a reasoned argument why the proposed action mitigates the
identified threat or threats.

Engineering best practice demands no less.
I disagree. Asking for a threat model seems odd, since the
proposed IESG statement isn't specific to a particular service
and absent that you can't sensibly construct a threat model I
think.
The request is surely that the specification of the application
include the threat model, which seems a very reasonable
requirement.

Transparent decision process demands no less.
I have no idea what's apparently opaque.

Ignoring Lloyd Wood's question is not an option.
LLoyd's questions were answered IMO.
I regret that I am not convinced they were.

Stewart

S..




Dick Franks




--
For corporate legal information go to:

http://www.cisco.com/web/about/doing_business/legal/cri/index.html





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]