Hiya,

On 14/10/15 20:57, heasley wrote:
> Wed, Oct 14, 2015 at 09:44:01AM -0700, Stephen Farrell:
>> And introducing new protocols without improving that
>> goes against very long held IETF consensus that protocols
>> need to have some actually usable strong security mechanism
>> defined. It seems the wg here get that but are choosing to
>> do nothing about it - I mean in their day-jobs, not that
>> writing RFC text is "doing something." The responses to the
>> secdir review seem to make it clear that the claim that
>> IPsec can be used is mythical, so this discuss to ask that
>> the security considerations properly document the utter
>> absence of any modern way to secure this protocol and not
>> pretend that there are ways that can be used to secure this
>> in the real world.
>
> I'd be happy to see the addition of TLS support in a future document. I
> also do not want TLS use to be required and I would like to see this
> draft move forward without TLS.

My non-blocking comment asks about the why of that, which I
really do not get, it's not like it's hard or new.

But the DISCUSS from me is about truth in advertising - if
the WG are presenting this as something that cannot in practice
be secured (which is how I read the secdir thread) then that
should be what the document says. (See my suggested text.)

S.

_______________________________________________
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow