I've got the last 2 decades of experience trying to deal with security on the network. 95% is dealing with the peculiarities of the "bolt-on" after-thoughts. I would much prefer seeing security designed-in, with the flexibility to deal with the future... ________________________________________ From: ietf-bounces@xxxxxxxx [ietf-bounces@xxxxxxxx] On Behalf Of RJ Atkinson [rja.lists@xxxxxxxxx] Sent: Thursday, February 23, 2012 8:59 AM To: ietf@xxxxxxxx Subject: Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis) On 23 Feb 2012, at 11:13 , Julian Reschke wrote: > On 2012-02-22 18:01, RJ Atkinson wrote: >> Security that works well and is practical to implement >> needs to be designed-in, not bolted-on later. > > I would say: security needs to be orthogonal. There are at least 2 decades of experience that security has to be design-in, rather than bolted-on, for it to work well -- and for it to be practical to implement. I hear that you don't agree, but the IETF experience on this specific point really is quite clear. Add-on security doesn't work. Yours, Ran _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf