Hiya,

Just on one topic...

On 05/04/15 14:56, Juliusz Chroboczek wrote:
> I'd like the charter to clearly state that security considerations are
> outside the scope of the base spec. 

FWIW, and wearing my security AD hat, I can guarantee that would
generate pushback.

We have BCPs that say we don't do that, e.g. BCP61 and others. And
the effort to get RPL to consider this properly added quite a bit
of delay for that WG partly because they wanted to take the
approach of doing security later which isn't really a good plan
IMO. And of course results tend to be mediocre as well when
folks take the "graft on security later" approach. You may
have an argument that that approach has already been taken,
but how we handle that is IMO one of the differences between
the ISE stream and IETF stream, esp. standards track.

Security in environments like this is tricky though I agree,
esp when one considers the impacts of the various security
mechanisms at the various layers. But that just does not mean
that it's ok to ignore those issues.

S.

PS: The above does not mean that I think it's a problem if a
WG want to produce a base spec and some other RFC that has the
security analysis and defines useful security mechanisms. IMO
so long as those are done at the same time, and so long as the
security mechanisms have the the 2119 keywords associated that
are justified by the security analysis, then that's just fine.

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet

Reply via email to