>> while i appreciate joe's listening to my other comments on the draft, i
>> still strongly object to publication of this draft as an rfc for the
>> reasons made very clear in the sec cons. please read the summary
>> section of rfc 2804.
>
> While the RFC should not be materially misleading, I don't think there
> is a requirement for Informational RFCs to guarantee any particular
> level or security or privacy.
that the draft now tries to slide by as info does not change that it
specified protocol elements and how they are to be used. and the draft
makes very clear that this is juristiction specific and a serious
privacy problem.
> RFC 2804 is about
i am very well aware what 2804 contains
> RFC 2804 doesn't seem to me to be particularly applicable.
i disagree. i believe the first two bullets in section one are very
applicable to joe's draft.
- The IETF, an international standards body, believes itself to be
the wrong forum for designing protocol or equipment features that
address needs arising from the laws of individual countries,
because these laws vary widely across the areas that IETF standards
are deployed in. Bodies whose scope of authority correspond to a
single regime of jurisdiction are more appropriate for this task.
- The IETF sets standards for communications that pass across
networks that may be owned, operated and maintained by people from
numerous jurisdictions with numerous requirements for privacy. In
light of these potentially divergent requirements, the IETF
believes that the operation of the Internet and the needs of its
users are best served by making sure the security properties of
connections across the Internet are as well known as possible. At
the present stage of our ignorance this means making them as free
from security loopholes as possible.
randy