To:
Edward Lewis <lewis@tislabs.com>
Cc:
ietf-provreg@cafax.se
From:
William Tan <william.tan@i-dns.net>
Date:
Wed, 21 Mar 2001 23:39:58 +0800
Content-Disposition:
inline
In-Reply-To:
<v03130300b6de75d069b6@[192.94.214.127]>; from lewis@tislabs.com on Wed, Mar 21, 2001 at 10:26:54AM -0500
Mail-Followup-To:
William Tan <william.tan@i-dns.net>,Edward Lewis <lewis@tislabs.com>, ietf-provreg@cafax.se
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Mutt/1.2.5i
Subject:
Re: Design teams
> For the security team, there is one item that seems to need addressing. We > need to identify the threats that the RRP will have to be defended against. > Traffic inspection, modification, etc. are documented means of attack. > What I have in mind are identification of ways that the RRP may be abused > (requesting unauthorized actions, leakage of contact data to spammers, > etc.). I do think that we need a better understanding of the 'privacy' > issue before declaring it of scope of the protocol. By identifying the > threats we can determine which "security" services are needed. > It would be appropriate to define 'privacy' in this context to be an issue of guarding the communication channel from eavesdropping. Let us rest the discussions on country laws and UK's mandatory traffic inspection, though I agree that it is a valid point. wil.