At 17:07 28-02-2013, Eric Burger wrote:
> I think the point is we have a clue, and we disagree. What is a
> person without a clue to do?

The person can convince Alissa and Hannes to suggest text. :-)

At 17:14 28-02-2013, David Singer wrote:
> I think you're being a bit brief here. It's not a security problem
> with the design of the protocol; if it carries data in the clear, it
> never pretended to be secure. It's a problem that it was the wrong
> protocol to be used, for sure. We're concerned about intrinsic
> security and privacy problems in our specifications, not the mis-use
> of them (though we can warn, I guess).

Sorry about that. There is usually a security policy. This is not
part of the protocol; it's about what security measures should be taken.

> ditto. There was nothing wrong with the design of the unencrypted
> line; it was the wrong 'protocol' to use.

Yes. The issue is related to information classification and disclosure.

BTW, the cases can be argued both ways. Given that privacy is
complex it is easier to explain some points in terms of security.

Regards,
-sm