i had planned to drop the thread, but mirja beat me up for being obscure. so my apologies for trying again. first, i am an amateur here. i do some opsec, have taught, but am not an expert. which is why i passed it to a friend with deeper expertise. embargo periods seem to vary. but my amateur observation is that the mode seems to be 90 days. as long as it is not ridiculous, i would prefer not to have a dog in this fight. but the issue my friend raised which concerns me more is adding more a restrictive "Limitations" section than already covered by law and custom. i am a researcher. i have dabbled in opsec research, and conducted attacks on the live global internet for that purpose, e.g. see [0]. real researchers act responsibly. attackers do not. do not deter and further complicate the lives of the researchers who are trying to help you deter the attackers. the ietf is not a special snowflake, just a noisy one. randy [0] - https://archive.psg.com/181101.imc-communities.pdf
