On Aug 30, 2011, at 2:02 PM, Eric Burger wrote: > Note the language >> "MUST implement, SHOULD use" is a common compromise. > ^^^^^^^^^^^ > > This is my heartache. Why is it a compromise? Most use of SHOULD I run into > in WG's is either this precise one: > I don't want to make this a MUST use, because I will have deployments > *THAT ARE NOT FOR THE INTERNET* but I want to market them as if they were. > Example: instant messaging systems for enterprises where tapping is a legal > requirement, not something to be avoided. > Example: instant messaging systems deployed where governments want to do > warrantless, undetectable tapping > > I would offer neither of these examples are Internet examples, and we should > get some iron underpants on and say so.
Mumble. I fundamentally don't buy the argument that things that are used on both local networks and the Internet should not be subject to Internet-strength security. And even where recording is a legal requirement, that's NOT an argument for sending traffic in cleartext or with weak encryption. That might be an argument for some kind of backdoor - e.g. a trusted proxy or key escrow or whatever, but it's not an argument for making the traffic available for those without a legal need to see it. > SHOULD should neither be a crutch for making a proprietary protocol look like > an Internet protocol nor for making two proprietary protocols look like a > single, Internet protocol. agree. Keith
_______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf