"Choudhary, Abdur R (Rahim)" <arc@lucent.com> writes: > Thank you for the input. I did not mean to suggest that there ought > to be competing Security Policies at layer 3. What I did mean to > suggest is that, the Security is a fairly dynamic field at this > time. We expect that the requirements and operational environment > will change, and do so at a speed that might not be slow enough for > the current approach that IETF seems to have taken. For instance try > to see how the approach would accommodate requirements for "Security > Auditing in VoIP". 1) The IETF is not a monolithic entity. It is a group of engineers. If you wish to propose a new security protocol, nothing prevents you from doing so. If consensus is that it is good, it would even end up published as a standard. 2) Repeating: the IETF does not have an "approach". It is a group of engineers, not an organism. It does not have a single opinion. It has a set of documents it has produced. 3) Additional bureaucracy, etc., in designing security protocols is unlikely to improve security. 4) Additional "frameworks", etc., are unlikely to help. 5) Additional committees are also unlikely to help. 5) Vague comments about "the dynamic nature of the Security requirements" are unlikely to illuminate anything. They have all the content of political speeches without the entertainment value. 6) It is easiest in life to accomplish by doing something rather than proposing that someone ELSE do something. What produces successful new protocol work? Lots of hard thinking (security is frequently a hard problem) and running code, followed by rough consensus based documentation and standardization. Unfortunately, it is much easier to engage in vague discussion or proposals than to think, and far easier to propose bureaucracies than to write code. Perry