Re: [saag] draft-mm-wg-effect-encrypt-03

<nalini.elkins@insidethestack.com> Mon, 17 October 2016 01:48 UTC

Date: Mon, 17 Oct 2016 01:48:12 +0000
From: nalini.elkins@insidethestack.com
To: "MORTON, ALFRED C (AL)" <acmorton@att.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "saag@ietf.org" <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5qOobE2HY98FYxM4u5kbi2rLhvE>
List-Id: Security Area Advisory Group <saag.ietf.org>

Stephen & Al,
My comments inline. Thanks,
Nalini Elkins
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360

From: "MORTON, ALFRED C (AL)" <acmorton@att.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>; "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>; "saag@ietf.org" <saag@ietf.org>
Sent: Sunday, October 16, 2016 10:19 AM
Subject: RE: [saag] draft-mm-wg-effect-encrypt-03

>Hi Stephen, thanks for sharing an example that needs fix.
>I re-worded a paragraph that repeated statements
>from an earlier section. I believe Nalini was describing
>current capabilities, and implying a gap if there is 
>no replacement to aid network management in the future.
>This is the fundamental tension, as I understand it.

Definitely. Sorry if the wording is awkward. I was trying to not imply any solutions as that is not in the spirit of this draft.

I hope that the many issues (including a few of the ones that I suggested) in network management and diagnostics that have been pointed out by this draft will spark the conversation about how we might go about resolving them. Maybe this is new tools, strategies or protocols.

>>Stephen wrote:
>> What is the goal of this text? Is it to a) describe current
>> or historic practice or b) describe the changes that are
>> needed when we properly protect things or c) argue that MITM
>> behaviour is somehow necessary or correct?
>>
>> I think if the goal were (a) or (b) we would not use the language
>> above ("valuable asset"), so I'm left wondering if this text is
>> really aimed at (c).

>I agree to substitute another phrase for "valuable asset"
>since it's distracting; "current capability" or other, WFM.
>I didn't write "is a required capability", that would be 
>more consistent with goal c).

>Clearly, changes in current management practices will be needed,
>and that process could be more efficient with constructive input
>from all involved. Understanding the many gaps is the first step,
>and IMO, what this memo is about.  No arguing for solutions,
>MITM or otherwise.

>I hope this helps,
>Al


> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Sunday, October 16, 2016 10:58 AM
> To: MORTON, ALFRED C (AL); nalini.elkins@insidethestack.com;
> saag@ietf.org
> Subject: Re: [saag] draft-mm-wg-effect-encrypt-03
> 
> 
> Hi Al,
> 
> I've a general question about this text but will just use the
> one example below. There are other examples in the text you
> just sent to the list...
> 
> On 16/10/16 15:36, MORTON, ALFRED C (AL) wrote:
> > For an enterprise to avoid costly application down time and deliver
> > expected levels of performance, protection, and availability, some
> > form of traffic analysis sometimes including examination of packet
> > payloads can be a valuable asset.
> 
> What is the goal of this text? Is it to a) describe current
> or historic practice or b) describe the changes that are
> needed when we properly protect things or c) argue that MITM
> behaviour is somehow necessary or correct?
> 
> I think if the goal were (a) or (b) we would not use the language
> above ("valuable asset"), so I'm left wondering if this text is
> really aimed at (c).
> 
> My understanding is that this draft aims at a mixture of (a) and
> (b), and I would have a problem with anything that seems to me
> like it has goal (c).
> 
> To be clear: if asked to sponsor a document as AD I will not
> start a last call for anything with chunks of text that I think
> has goal (c). Goals (a) and (b) are of course useful so I'd be
> happy to progress such a document. I hope you and Kathleen take
> that into account when doing edits to the draft so that we can
> all save ourselves some cycles and angst:-)
> 
> Thanks,
> S.
> 
> PS: I realise that this is your initial edit of Nalini's text so
> it could be that additional edits are all that's needed here.
>