Re: [savi] Status of draft-ietf-savi-threat-scope

Jari Arkko <jari.arkko@piuha.net> Mon, 30 May 2011 15:55 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ACFBE06A2 for <savi@ietfa.amsl.com>; Mon, 30 May 2011 08:55:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.539
X-Spam-Level:
X-Spam-Status: No, score=-102.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3obdopksLFEj for <savi@ietfa.amsl.com>; Mon, 30 May 2011 08:55:19 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2001:14b8:400::130]) by ietfa.amsl.com (Postfix) with ESMTP id C55D2E0795 for <savi@ietf.org>; Mon, 30 May 2011 08:55:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 1C8162CC49; Mon, 30 May 2011 18:55:17 +0300 (EEST)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZE6ZbBTpv7n; Mon, 30 May 2011 18:55:16 +0300 (EEST)
Received: from [IPv6:::1] (unknown [IPv6:2001:14b8:400::130]) by p130.piuha.net (Postfix) with ESMTP id 5BD282CC2F; Mon, 30 May 2011 18:55:16 +0300 (EEST)
Message-ID: <4DE3BDE4.2040909@piuha.net>
Date: Mon, 30 May 2011 18:55:16 +0300
From: Jari Arkko <jari.arkko@piuha.net>
User-Agent: Thunderbird 2.0.0.24 (X11/20101027)
MIME-Version: 1.0
To: "Joel M. Halpern" <jmh@joelhalpern.com>
References: <20110526184749.21820.68101.idtracker@ietfa.amsl.com> <4DE34147.8070103@piuha.net> <4DE3A604.8080807@joelhalpern.com>
In-Reply-To: <4DE3A604.8080807@joelhalpern.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-savi-threat-scope@tools.ietf.org, SAVI Mailing List <savi@ietf.org>
Subject: Re: [savi] Status of draft-ietf-savi-threat-scope
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 May 2011 15:55:20 -0000

Joel,

> As I have said, i am happy to make most of the changes.
> However, there are two changes requested by Ralph that change the 
> scope in a way that I do not feel I (or you) can call for.
> I have been awaiting the Chair's review on these two substantive issues:
>
> 1) The issue of analysis of the effect of SAVI, and what threats 
> remain after SAVI was requested by Stephen.  I pointed out that this 
> is not in scope for the document, and he said that he wanted it 
> anyway.  I punted to you and the chairs.  I believe it would take WG 
> agreement, AD agreement on scope change, and chair direction, before I 
> can make that change.

My opinion is that this document should NOT do that analysis or attempt 
to find out precisely what residual threats are after some set of SAVI 
tools have been implemented in a network. I think we touched upon it in 
the call, but I  can talk to Stephen about it.

> I am not sure whether Ralph's request for "more details" is arelaly a 
> discuss, or a suggestion to ask him for and consider more text.  I am 
> certainly willing to talk with him about it.  But I would need to 
> temper any such evaluation with the fact that folks asked us to CUT 
> substantial portions of text in the last review.

OK. Its certainly bit of a borderline as a discuss. He wants more 
precise description and in some cases more text. From my read many of 
the points that he makes seemed reasonable. If I was the author I would 
go through his specific requests and see which ones made sense (while 
remembering the feedback you've gotten from other folks).

You do not have to implement verbatim everything that the IESG reviewers 
ask for. Please fight back if the requests do not make sense. I thought 
I was asking for that, actually.

Jari