>>>>> "Keith" == Keith Moore <moore@xxxxxxxxxx> writes:
>> Also from the draft: "At least for the strong security
>> requirement of BCP 61 [RFC3365], the Security Area, with the
>> support of the IESG, has insisted that all specifications
>> include at least one mandatory-to-implement strong security
>> mechanism to guarantee universal interoperability."
>>
>> I do not think this is a factual statement, at least when it
>> comes to HTTP, which is where my interest lies.
Keith> note that it is not necessary to have at least one
Keith> mandatory-to-implement strong security mechanism to
Keith> guarantee interoperability. consider, for example, a
Keith> client-server protocol for which conforming servers are
Keith> required to implement _two_ strong security methods and for
Keith> which clients are required to implement _at least one_ of
Keith> those two methods. this would ensure interoperability even
Keith> though there were no single mandatory-to-implement for
Keith> clients.
The IESG has in fact noted that and brought it up as an option in some
cases.
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf