On 05/04/15 15:37, Juliusz Chroboczek wrote: >> a plan of the form "produce base spec RCC and only then start to think >> about security" will get pushback from me. > > Why? > > (If the answer is "read BCP 61", I'll do that, but not right now.)
Partly that and partly the horrible experience with years of delay with RPL. I inherited a DISCUSS on the base RPL spec in March 2011 from the previous security AD. I can't remember how much that delayed the base RPL spec, maybe a year or so until we worked out a plan that was going to not result in security being ignored. And their security analysis RFC (7416) was only published in Jan 2015. And there was loads and loads of gnashing of teeth in between for everyone involved. And I also think the final result would have been better had the security work been done up front whilst they had more energy and motivation. S. > > -- Juliusz > > _______________________________________________ > homenet mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/homenet > > _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
