Sent from my iPad > On 8 Dec 2013, at 21:27, "Brian E Carpenter" <brian.e.carpenter@xxxxxxxxx> wrote: > >> On 09/12/2013 09:34, Stephen Farrell wrote: >> >>> On 12/08/2013 05:56 AM, l.wood@xxxxxxxxxxxx wrote: >>> Stephen, >>> >>> I've no idea what you think you mean when you say 'moving beyond >>> mandatory to implement'. My take is that encryption should never be >>> mandatory to implement. >> >> MTI security is what's called for by BCP 61. Sometimes the MTI >> security for a protocol will involve confidentiality, other >> times (e.g. routing protocols) it has tended not to. So your >> "take" is at odds with long standing IETF BCPs. > > And just to repeat an earlier discussion: > > MTI != MTIMC != MTEBD != MTD > > Mandatory to Implement > Mandatory to Implement and Make Configurable > Mandatory to Enable by Default. > Mandatory to Deploy > > These distinctions matter. The first three are requirements on > coders and vendors, that we can include in IETF standards. Remembering of course that some platforms which wish to use the Internet simply do not have the capability for other than a very tiny very basic stack. I always use the PIC and the Arduino to remind myself what the lower end of the franchise looks like. -Stewart > The last one is a requirement on operators, who will do what > they think best or what local laws force them to do. > > Brian