Keith Moore wrote: >>Also from the draft: >>"At least for the strong security requirement of BCP 61 [RFC3365], the >>Security Area, with the support of the IESG, has insisted that all >>specifications include at least one mandatory-to-implement strong >>security mechanism to guarantee universal interoperability." >> >>I do not think this is a factual statement, at least when it comes to >>HTTP, which is where my interest lies. > > note that it is not necessary to have at least one > mandatory-to-implement strong security mechanism to guarantee What, do you mean, strong security? Given that CAs of PKI can be compromised as easily as ISPs of the Internet, PKI is merely weakly secure as weakly as the plain Internet. Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf