Re: [perpass] draft-farrell-perpass-attack architecture issue

Jari Arkko <jari.arkko@piuha.net> Sun, 19 January 2014 13:04 UTC

To: Scott Brim <scott.brim@gmail.com>
Cc: perpass <perpass@ietf.org>, "Fred Baker (fred)" <fred@cisco.com>, IETF-Discussion <ietf@ietf.org>

> The main problem is that: privacy issues are deeper than that, the
> question could be misunderstood without a larger context, and there's
> already a set of documents discussing most of that larger context (RFC
> 6973, the perpass problem statement draft, etc.).
> 
> The Document Shepherd Write-Up currently doesn't reference security
> guidelines directly. Instead of asking a few specific questions in the
> shepherd's writeup as you suggest, consider adding the privacy/perpass
> docs to BCP 72 (which already includes RFC 3552) as they are approved,
> and then optionally add a question to the shepherd's writeup that
> refers to it, in order to emphasize the increased attention to the
> issue.

FWIW, I do not feel strongly about this topic, but my personal opinion is that if we do something with the shepherd write-up, it should be on the general level outlined by Scott above. (But I think the documents themselves are more important than the write-ups. A few years down the road, I'm sure the reader would like to know what the thinking on security was on such and such RFC. On any aspect of security, PM or otherwise. When there's something to say, of course, which isn't always.)

Jari