On 02/01/2014 16:27, Dave Crocker wrote:
> On 1/1/2014 7:11 PM, Ted Lemon wrote:
>> We used to routinely handwave about security. We've gotten better
>> about that. RFC3552 is why.
>
>
> No it's not.
>
> It's useful, but had nothing at all to do with the strategic change.
> That came much earlier and was the result of policy changes in IESG
> requirements on specs.
Yes. As I mentioned in Vancouver, it was RFC 2316 that stated an aspiration
and RFC 3365 that set technical requirements (whereas 3352 set writing
requirements; I should have mentioned that too). Surely the present draft
is only trying to state the aspiration - there's a lot more work to do before
the rest is ready to publish.
Brian
>
> The real lesson from that was the remarkably vague and obstructionist
> process that took place for years, until we started getting concrete.
>
> The RFC is the result of that realization. In other words, it's not
> that it enabled less handwaving but that the realization we needed to
> stop handwaving that enabled it.
>
> Note that the current draft lacks any specificity and, therefore, leaves
> us with a similar vagueness as we used to have about security
> considerations.
>
> To repeat from earlier: the draft's goal and the draft are worthy for
> pursuit, but we are currently clueless about how to apply it.
>
> Clueless.
>
> d/
>