I have recently started looking at this NG. I saw some postings on "Security" and some
thoughts expressed on the subject. May be this is not the right forum for it, but I
will say on the subject; and may be we can move it to another dedicated active IETF
place for security discussion if one exists.
I have quickly combed the IETF site for Security work. It seems distributed in various
places, not interrelated in an obviously coherent way. For instance I found the
following.
o- A security Area, and an IPsec Policy WG within it.
o- A Policy Framework WG within the Ops and Mngmt area; and some work on QoS
Policy within it.
There are perhaps historical reasons for this, but no obvious rationale.
It would seem to make sense if there were a Security Policy working group; and IPSec
Policy would extend that work as a particular instance. It is just as the Policy
Framework is extended (particularized) by the IPSec Policy or QoS Policy. This would
determine a bigger scope for Security work at IP layer but not tie it, at the outset,
to a particular protocol like IPSec at that layer.
Thanks and Regards
Rahim
Note: My thoughts are personal to myself, and do not represent my employer.
