>>>>> "Gray," == Gray, Eric <Eric.Gray@xxxxxxxxxxx> writes:
Gray,> Sam, There can be some drawbacks to mandating that
Gray,> implementations must include the "XYZ security" protocol.
Gray,> For example, there may be some niche deployment
Gray,> opportunities with a trust model that does not need any
Gray,> form of security and implementations may be tailored for
Gray,> those deployments by simply omitting the "mandated"
Gray,> security mechanism. In this situation, the "XYZ security"
Gray,> protocol will come to be directly associated with a certain
Gray,> cost that users may not be willing to pay in every case and
Gray,> - so - it will be omitted in at least some cases.
I understand this argument, and it is much more general than security.
However it is not how the IETF works.
The goal of an IETF spec is that you can take any two implementations
and use them together. They may not support all features but they
will work together. Security is not a feature, it is a requirement.
--Sam
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf