On 29/07/16 12:23, Eran Messeri wrote:
It seems to me that:
- James is hinting the redaction mechanism as specified does not redact
"enough" (this problem is exacerbated by the lack of a proper threat
model - i.e. the attacks it should defend against and attackers'
capabilities) .
- Ryan is saying that it's hard to evaluate the technical suitability of
the specified redaction mechanism since discussions around policy and
redaction of other fields did not take place.
- There's otherwise no endorsement of this mechanism from any party with
an interest in redaction.
All of this suggests that name redaction, as currently specified, is a
compromise that pleases no-one and there's not enough feedback to
significantly improve it.
Did I get this right?
Yes. Good summary.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
