Joel,
Thanks for the quick reply.
...
Which RFC mandated this? My guess is NONE.
the recommendation comes from nist 800-131A and 800-57 I'd link to them if the
nist website were up but it isn't.
OK, then, as I suspected, this is not the result of any RFC.
I'm not particularly enamoured of the idea the the IETF is the sole or
even principle arbiter of industry consensus, so lets assume that it
isn't. Whether you want to pay the cpu consumption tax or not, there's
enough industry consensus on the subject that you don't have a choice.
I agree that the IETF is not an arbiter of industry consensus. The
question being debated on this
list is whether it ought to become more of an arbiter of what users and
service providers do,
by mandating use of security mechanisms, vs. just offering specs for
interoperable mechanisms.
BTW, who got to form the industry consensus this time? How many folks,
and in what venue?
Steve
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
