--On Sunday, April 21, 2019 16:35 +0000 "Salz, Rich"
<rsalz@xxxxxxxxxx> wrote:
>> If one were trying to disrupt the IETF, mount a DoS
> attack, or impose large costs on the community, the need
> to work that far in advance would be a significant
> deterrent given that other, faster and easier mechanisms
> are readily available.
>
> There are national-scale attackers which probably find it
> cheap to get people doing this.
I wasn't commenting on "cheap". I contend that either the
scenario Alissa explained or my "just attack the IETF's
decision-making mailing list" one would be cheap. The question
is whether an attack on the recall procedure would be
sufficiently more attractive way to attack the IETF (by someone
motivated to that - state actor or otherwise) to justify the
needed eight months or a year of advanced planning rather than
getting more or less instant gratification. My guess is no,
but there may be circumstances and scenarios I haven't thought
about and, as you say, YMMD.
> It's not a threat model I worry about but YMMV.
Yep.
john
