On 1/31/11 6:51 PM, Cullen Jennings wrote: > So first, we already have a BCP that says more or less all protocols must implement a secure version but deployment is optional. This is a good BCP, and it comes from the right area to say that - security. It's probably impacts design work in working groups more than any other BCP. It has IETF consensus. The IESG holds protocols to this. But this isn't only about IETF process. You just asked about why the IETF is special and why 3GPP shouldn't be treated on equal footing. Well, then what about ITU, ISO, W3C, and Joe's Standards Body? > Now - I am at loss to see why forcing people to use one port will make it more likely to have secure protocols. This seems crazy. Please do enlighten me. The vast majority of the requests I see have 0 security built in until I ask the question. A few come back with a plan. Take away that lever and I don't even get to ask the question. > And on the topic, I'm still looking forward to an explanation of how the current CoAP design stomping all over the TLS code points would be an acceptable design. I missed a step there? CoAP? _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf