> Given the two choices, I actually prefer > security-by-reference because it points out the similarity of > what we are doing to other protocols.
I agree. It's also a good practice to have only one authoritative source that talks about a topic, especially when that source has already been through the RFC approval process. -Scott-