RE: draft-dukhovni-opportunistic-security-04

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Blanket dismissal of substantive concerns is not the usual approach to
work in the IETF."

It's been the norm ever since perpass and RFC 7258. Because... security!

Security work gets a free pass.

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf <ietf-bounces@xxxxxxxx> on behalf of Dave Crocker <dhc@xxxxxxxxxxxx>
Sent: Wednesday, 27 August 2014 2:12:19 PM
To: IETF Discussion
Subject: draft-dukhovni-opportunistic-security-04

Folks,

A new version of the draft was issued today.

And the Sponsoring AD promptly decided that there is IETF consensus on
the draft, scheduling it for the next IESG telechat.  The Sponsoring AD
has deemed all changes since the -02 version is minor.

This is spite of the fact that /nearly every word/ of the newest draft
is new.

Yes, really:


https://www.ietf.org/rfcdiff?url1=draft-dukhovni-opportunistic-security-03&difftype=--hwdiff&submit=Go!&url2=draft-dukhovni-opportunistic-security-04

I did another detailed review of the draft:

     http://www.ietf.org/mail-archive/web/saag/current/msg05531.html

including:

> Summary:
>
>    The paper defines and explains flexible approach to the use of
> encryption on the Internet.  It assigns the term 'opportunistic
> security' to this term.
>
>    The latest draft has extensive changes from the previous version.
>
>    Although many of the changes are quite helpful, the document still
> suffers from confusing or unexplained terminology and some unfortunately
> initial organization.
>
>    A number of points from previous reviews have not been addressed.
>
>    The paper continues to freely make strong assertions, without
> providing any substantiation or even, in some cases, explanation.  At a
> minimum, every term that is used, every assertion that is made and
> anything else that derives from Internet experience should be documented.
>
>    Concerns with the term "opportunistic security" persist.  It is both
> vague and overblown, given the specific technical point it is meant to
> address.  That concern is about encryption and the term should make that
> clear.
>
>    The paper still needs extensive revision before it should be
> considered for publication.


Blanket dismissal of substantive concerns is not the usual approach to
work in the IETF.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]