Hi Carsten, Ludwig, I think removing the discussed is not an option as the whole discussion was about "something needs to be said" but not being clear about what this is.
On 2021-07-10, Carsten Bormann <[email protected]> wrote: > Maybe we can combine these two into one sentence that covers a common > requirement? The result would be text that makes a profile document its security requirements and a new profile that combines existing profiles to document how the combination meets these requirements. >From Francesca's previous proposal and your previous proposals this could be: NEW^n+1: There may be use cases where different transport and security protocols are allowed for the different interactions, and, if that is not explicitly covered by an existing profile, it corresponds to combining profiles into a new one. For example, a new profile could specify that a previously-defined MQTT-TLS profile is used between the client and the RS in combination with a previously-defined CoAP-DTLS profile for interactions between the client and the AS. The new profile that combines existing profiles MUST specify how the existing profiles' security properties are achieved. Any profile therefore MUST clearly specify its security requirements and MUST document if its security depends on the combination of various protocol interactions. Grüße Olaf _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
