> > Date: 2005-06-23 12:45 > > From: Ned Freed <ned.freed@xxxxxxxxxxx> > > Which in turn works because there are always security considerations - the > > closest thing to valid empty security considerations section we have is one > > that says "this entire document is about security". A section that simply says > > "there are no security considerations here" is invalid on its face and > > indicates insufficient review has been done. > Possible counterexamples: > RFC 2234: > Security is truly believed to be irrelevant to this document. I remember this one. The validity of this statement was in fact questioned and discussed. > RFC 3935: > Considering security is one of the core principles of sound network > engineering for the Internet. Apart from that, it's not relevant to > this memo. First, saying that "security is a core principle" is hardly equivalent to saying "there are no security considerations". In fact it is pretty much the opposite. Second, I actually think this is a case where some discussion of how security relates to the mission of the IETF would actually have been appropriate. Had I been on the IESG at the time I would have voted DISCUSS on this one, but because the section is IMO incomplete, not because it says there are no security considerations. In any case, you've found one document where there arguably were no security considerations. Fine, so I should have said "almost always" instead of "always". It's still a red flag when a document says there's aren't any security considerations because such documents are rare. But documents not having IANA considerations are very common, so the same princples don't apply. Ned _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf