I have recently started looking at this NG. I saw some postings on "Security" and some thoughts expressed on the subject. May be this is not the right forum for it, but I will say on the subject; and may be we can move it to another dedicated active IETF place for security discussion if one exists. I have quickly combed the IETF site for Security work. It seems distributed in various places, not interrelated in an obviously coherent way. For instance I found the following. o- A security Area, and an IPsec Policy WG within it. o- A Policy Framework WG within the Ops and Mngmt area; and some work on QoS Policy within it. There are perhaps historical reasons for this, but no obvious rationale. It would seem to make sense if there were a Security Policy working group; and IPSec Policy would extend that work as a particular instance. It is just as the Policy Framework is extended (particularized) by the IPSec Policy or QoS Policy. This would determine a bigger scope for Security work at IP layer but not tie it, at the outset, to a particular protocol like IPSec at that layer. Thanks and Regards Rahim Note: My thoughts are personal to myself, and do not represent my employer.