----- Original Message -----
From: "Barry Leiba" <barryleiba@xxxxxxxxxxxx>
To: "t.p." <daedulus@xxxxxxxxxxxxx>
Cc: "IETF discussion list" <ietf@xxxxxxxx>
Sent: Monday, October 14, 2013 4:31 PM

> > I find the security considerations in this registration rather weak.
> > What might have sufficed in 2005 seems to me inadequate for 2013. I
> > would expect a clearer statement of what are or are not considered
> > threats or attacks and what mitigations there then are for them.
>
> Tom, do you have specific suggestions for the authors in this regard.

Looking at an unrelated media/type RFC, it starts with

   The main security considerations for the .... payload format defined
   within this memo are confidentiality, integrity, and source authenticity.

which is the sort of beginning I expect a Security Considerations to have in 2013, then going on to say which are relevant here and how they might be mitigated - CMS, IPsec, TLS; or not as the case may be.

I see this type as one for database data and so requiring more careful consideration than, e.g., text/plain, as used for messages like this one.

Tom Petch

>
> Barry
>