On 9/10/14 8:08 AM, Stephen Kent wrote: > As I noted earlier, there is no threat model for the CT mechanism. > > And there is no mapping of CT to the threat model. > > We usually do not standardize security mechanisms when these two > critical elements are missing.
Steve, I think this is a bit of an overstatement of the role of thread models in the process. The IETF has recently fallen into a few process habits that aren't supported by any formal changes. Some are good, some are awful. The development of threat models and discussion of a given mechanism within the framework of a threat is a good process habit and one we'd encourage, but is not necessarily required. As an aside, I'd be grateful if tone could be ratched back a notch. It's not just that we're working cooperatively to produce a document and a combative tone makes it more difficult to reach agreement, but that there's been concerned expressed within the IESG that harshness and/or combativeness can drive away new participants and people who'd otherwise be willing to do work. You're raising good points and they need to be addressed, but it would be better if they were expressed in a way unlikely to put their recipients into a defensive posture. Thanks, Melinda _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
