> [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Farrell
>
> Dave Crocker wrote:
> > The question is whether we are getting comments from the
> > necessary folk?
> >
> > The Security Area has a long history of being quite good at finding
> > (legitimate) flaws. So the rest of us might well engage in
> > super-human diligence and still not satisfy the folks with
> > an effective veto.
> >
> > How can we be proactive, in this regard?
>
> Fair question. Barry and I already did seek some review and
> intend asking again when we're at the start of last call. I'd
> encourage others on this list to do the same if you can get
> additional review of the draft.
>
> Not sure what more we can do. But suggestions are welcome.

There is a general problem with being sure that threats documents are complete. I still don't think that there is a particularly good methodology for determining coverage and it's not for lack of trying.

Fortunately it is a little easier to get the threat model past the IESG using the algorithm: submit document A, read comments, add threats described in comments to document A to create document B, submit document B.

Where things get trickier is in demonstrating that we have successfully covered the threat model.

What we need to do is to make it clear that we are proposing an accountability-based scheme and not a permissions-based one. As such, 'threats' need to be considered differently. We are not attempting to develop an infallible security scheme here; in fact the starting point for the design is that there will be failures and the system needs to be robust in order to deal with them.

When making steel there is a tradeoff between hardness and brittleness. Spring steel is not at all hard but you can strike it with a hammer and it will not break. Cast iron is very hard, it will not deform under many tonnes of pressure but it will crack if hit very hard.

If you want to build complex machines you need both types of material for different purposes.

_______________________________________________
ietf-dkim mailing list
http://dkim.org
