Hiya, Just on one topic...
On 05/04/15 14:56, Juliusz Chroboczek wrote: > I'd like the charter to clearly state that security considerations are > outside the scope of the base spec. FWIW, and wearing my security AD hat, I can guarantee that would generate pushback. We have BCPs that say we don't do that, e.g. BCP61 and others. And the effort to get RPL to consider this properly added quite a bit of delay for that WG partly because they wanted to take the approach of doing security later which isn't really a good plan IMO. And of course results tend to be mediocre as well when folks take the "graft on security later" approach. You may have an argument that that approach has already been taken, but how we handle that is IMO one of the differences between the ISE stream and IETF stream, esp. standards track. Security in environments like this is tricky though I agree, esp when one considers the impacts of the various security mechanisms at the various layers. But that just does not mean that it's ok to ignore those issues. S. PS: The above does not mean that I think it's a problem if a WG want to produce a base spec and some other RFC that has the security analysis and defines useful security mechanisms. IMO so long as those are done at the same time, and so long as the security mechanisms have the the 2119 keywords associated that are justified by the security analysis, then that's just fine. _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
