Ben, The document at least should describe what the residual vulnerability is if the client does not take appropriate/recommended action.
-----Original Message----- From: Trans [mailto:[email protected]] On Behalf Of Ben Laurie Sent: Wednesday, February 18, 2015 11:25 AM To: Karen Seo Cc: [email protected] Subject: Re: [Trans] updated attack analysis On 17 February 2015 at 19:04, Karen Seo <[email protected]> wrote: > Folks, > > Sorry if my message implied that I thought the text was in its final > form. I agree that there is not yet consensus on the text/topic and > that further work is needed. However, if the working group agrees that > the threat analysis should be added to 6962, then I believe it would > be more expedient if the text were incorporated into 6962-bis sooner rather > than later. > Anyone who reviews 6962-bis will then likely review this text, > increasing the number of eyes on it. And having the threat analysis > in the draft will hopefully facilitate its use in ensuring that the > document is consistent/correct/complete. Perhaps we could incorporate > the next revision of the text with any remaining unresolved comments > placed in the issue tracker? What do folks think? I would happily use it as a starting point for text in 6962-bis, but I would feel compelled to remove text that attempts to force issues which the WG has already decided to defer to later documents (such as the definition of a gossip protocol), or has decided it does not have jurisdiction over (such as client behaviour). _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
