Eran Hammer <[email protected]> writes:
> We've been kicking this can of silliness for months now because one
> person refuses to move on even in the face of otherwise unanimous
> consensus from the group.
>
> Chairs - Please take this ridiculous and never ending thread off list
> and resolve it once and for all.
Sure, I'll gladly stop the thread when the document is updated to
actually mention all threats that someone has considered and brought to
the group's attention. That *is* the point of a threats document, after
all.
In a threats document nothing should be implicit or assumed -- the
reader does not have the advantage of our group's knowledge of the space
or operational guidance. As a result, everything should be explicitly
stated.
Every threat that is brought to the attention of this gorup should be
mentioned, explicitly, even if it's only a single sentence as part of a
paragraph of "threats that fall outside the aforementioned assumptions"
or "threats that have a simple workaround".
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
