On 1/1/2014 7:11 PM, Ted Lemon wrote:
We used to routinely handwave about security. We've gotten better about that. RFC3552 is why.
No it's not.
It's useful, but had nothing at all to do with the strategic change.
That came much earlier and was the result of policy changes in IESG
requirements on specs.
The real lesson from that was the remarkably vague and obstructionist
process that took place for years, until we started getting concrete.
The RFC is the result of that realization. In other words, it's not
that it enabled less handwaving but that the realization we needed to
stop handwaving that enabled it.
Note that the current draft lacks any specificity and, therefore, leaves
us with a similar vagueness as we used to have about security
considerations.
To repeat from earlier: the draft's goal and the draft are worthy for
pursuit, but we are currently clueless about how to apply it.
Clueless.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net