On Mon, May 27, 2013 at 7:54 PM, Randy Bush <randy@xxxxxxx> wrote: > while i appreciate joe's listening to my other comments on the draft, i > still strongly object to publication of this draft as an rfc for the > reasons made very clear in the sec cons. please read the summary > section of rfc 2804. While the RFC should not be materially misleading, I don't think there is a requirement for Informational RFCs to guarantee any particular level or security or privacy. RFC 2804 is about the security of communications content, not the security of statically stored address information. I'm not denying the applicability of some security considerations, I'm just saying that RFC 2804 doesn't seem to me to be particularly applicable. In any case, the final part of the summary section of RFC 2804 calls for the publication of specifications that might affect security. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@xxxxxxxxx > randy