Brian E Carpenter wrote:
> Michael, you've had some quite concrete responses which I hope
> have clarified things, but I really want to say that making
> Internet protocols secure isn't a hoop jumping exercise; it's
> more like a survival requirement, and has been for ten years
> at least.
Where did I say that?
Of course you didn't, and the implication that you did say that was nothing but
a strawman, a tactic I'm sad to say often seems to crop up in discussions on
the IETF list.
Excuse *me* but Mike's note that I was responding to said (in part):
> So, if this is going to be yet another hoop that the IESG and IAB send working groups through like problem statements, requirements documents and the like, I think it ought to be incumbent on those people demanding such things to actually both agree and document what it is that they are demanding.
He explicitly raised the question of hoop jumping, which for me at least carries a strong implication of pointlessness. That's what I was responding to.
More recently he said:
> Do you seriously think you could write a "threat analysis" given the definition in 2828?
which reads "$ threat analysis (I) An analysis of the probability of occurrences and consequences of damaging actions to a system."
As a glossary definition, that seems admirably clear. For a complex case, I'd expect to ask some experts for help in determining the type of threats to be considered in particular. And I would study 3552 carefully, warts and all. But the bottom line is that this is hard work to get right - compare the Security Considerations of RFC 3056 with RFC 3964 for example.
Brian
_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.