On 9/11/2013 10:14 AM, Zu Qiang wrote: > First of all, I do agree that we may need a security requirement > draft. But I don’t think this draft is ready for WG adoption. At > least my comments in this mail have not been addressed yet. I feel > that there are subtle issues that have not been considered and I plan > to expand it on in a draft which I’m working on.
I don't think that a separate security requirements draft is a good idea, for reasons I've touched upon before. That said, I also find your criteria for draft adoption overly stringent and not particularly consistent with how the IETF does business. It is typically not the case that a draft needs to be publication-ready, or even very mature, for it to be adopted by a working group. It should be in the right general ballpark and have an editor who can be relied upon to record working group consensus in the document. I think it would be fantastic if you and Dacheng got together and drew up some security requirements for inclusion in the requirements documents. Security requirements should not be considered outside the context of other protocol or operational requirements. Melinda _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
