Gee, you don't need a threat analysis when you're going to protect against EVERYTHING! That's SECURITY! Lloyd Wood http://about.me/lloydwood ________________________________________ From: ietf [ietf-bounces@xxxxxxxx] On Behalf Of Dick Franks [rwfranks@xxxxxxx] Sent: 09 April 2014 01:02 To: t.p. Cc: IETF-Discussion Subject: Re: Security for various IETF services On 8 April 2014 09:32, t.p. <daedulus@xxxxxxxxxxxxx<mailto:daedulus@xxxxxxxxxxxxx>> wrote: The path that I have seen several Security ADs steer Working Groups down is to start with a threat analysis before deciding what counter measures are appropriate. Several contributors have been saying exactly that for almost a week. These suggestions have been answered by dismissive emails and a relentless bombardment of magic pixie dust.