On 11/06/14 15:54, Joe Touch wrote: > > > On 6/7/2014 6:20 AM, Stephen Farrell wrote: >> Yes, source addresses leak information that affects privacy. But >> we do not have a practical way to mitigate that. So therefore >> BCP188 does not call for doing stupid stuff, nor for new laws of >> physics (unlike -04 of the draft we're discussing;-) > > Again, BCP188 does not *call* for doing anything. There are no SHOULD- > or MUST- level requirements in that doc. Let's please not wave it in the > air as if there are.
I don't buy that argument at all and didn't wave anything anywhere. BCP188 very clearly says: Pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible. and Those developing IETF specifications need to be able to describe how they have considered PM, and, if the attack is relevant to the work to be published, be able to justify related design decisions. This does not mean a new "pervasive monitoring considerations" section is needed in IETF documentation. It means that, if asked, there needs to be a good answer to the question "Is pervasive monitoring relevant to this work and if so, how has it been considered?" Reverting to RFC2119-keyword-lawyering is not IMO credible here. S. > > Joe > > _______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area
