On Fri, Sep 6, 2013 at 12:16 PM, SM <sm@xxxxxxxxxxxx> wrote:
In a Last Call comment a few months ago it was mentioned that a specification takes the stance that security is an optional feature. I once watched a Security Area Director spend thirty minutes trying to explain to a working group that security feature should be implemented. If I recall correctly the working group was unconvinced.
Would the community raise it as an issue during a Last Call if a proposed protocol did not have strong security features? It's up to the reader to determine the answer to that.
It is tragic if the community does understand strong encryption is essential in many cases (with the caveat that it is not a panacea for all security breaches) As for raising issues at the last-call. Why not ? The last-call is no different than any other mailing list discussion or going to the mic in a physical meeting. (Other than the urgency of having the last chance to comment ?)
-- Vinayak