It is a shame that this opportunity was not taken to highlight the need for authentication. Having a totally secure channel with perfect encryption is of little value if the other end of the channel is a hostile power. RFC3365, which you cite, gets in right (of course!). It lists three requirements and top of the list - Authentication service. It may of course be that the author was only putting the requirements in alphabetic order but whatever the reason, the emphasis is appropriate. Tom Petch ----- Original Message ----- From: "IETF Chair" <chair@xxxxxxxx> To: <ietf@xxxxxxxx>; <ietf-announce@xxxxxxxx> Sent: Sunday, September 08, 2013 10:53 PM Here are some thoughts on reports related to wide-spread monitoring and potential impacts on Internet standards, from me and Stephen Farrell: http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/ Comments appreciated, as always. Jari & Stephen