On 05/04/15 15:37, Juliusz Chroboczek wrote:
>> a plan of the form "produce base spec RCC and only then start to think
>> about security" will get pushback from me.
> 
> Why?
> 
> (If the answer is "read BCP 61", I'll do that, but not right now.)

Partly that and partly the horrible experience with years of delay
with RPL. I inherited a DISCUSS on the base RPL spec in March 2011
from the previous security AD. I can't remember how much that delayed
the base RPL spec, maybe a year or so until we worked out a plan that
was going to not result in security being ignored. And their security
analysis RFC (7416) was only published in Jan 2015. And there was
loads and loads of gnashing of teeth in between for everyone involved.
And I also think the final result would have been better had the
security work been done up front whilst they had more energy and
motivation.

S.

> 
> -- Juliusz
> 
> _______________________________________________
> homenet mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/homenet
> 
> 

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet

Reply via email to