[hrpc] from “Security Considerations” to “Threat Model Considerations”?
Cory Francis Myers <cfm@acm.org> Mon, 06 November 2023 11:46 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/NirTn_Zl5W3TvJlWJ85Vf4_NQA0>
The requirement for a “Security Considerations” section originates in RFC 2223 “Requirements to RFC Authors”. The RFC 7322 style guide adds sections for IANA and internationalization considerations. draft-irtf-hrpc-guidelines (how to think about human-rights considerations) is not quite like RFC 3552 (how to write “Security Considerations” sections)—because the *need* to think about as well as articulate the latter is taken for granted.

What would it take to:

1. Add a “Human Rights Considerations” section?
2. Add a “Privacy Considerations” *and* a “Safety Considerations” section (per Stephanie Mikkelson’s slide today on safety, privacy, security by design[1])?
3. Broaden “Security Considerations” into “Threat Model Considerations”?[2]

I’m oversimplifying on purpose! My goal in asking this question is to understand the obstacles to establishing the parity of these criteria with security considerations. If I’m retreading old or fraught ground, as I suspect I may be, I’d welcome pointers into the archives.

Sincerely,
Cory Myers.

[1]: https://datatracker.ietf.org/meeting/118/materials/slides-118-hrpc-unfpa-gbv-tech-guidance-00.pdf (slide 15)
[2]: Although this risks framing all of these considerations as strictly meliorative of harms, rather than affirmative protections of affirmative rights.