----- Original Message -----
From: "Brian E Carpenter" <brian.e.carpenter@xxxxxxxxx>
To: <dcrocker@xxxxxxxx>
Cc: "IETF Discussion" <ietf@xxxxxxxx>
Sent: Thursday, January 02, 2014 4:31 AM

> On 02/01/2014 16:27, Dave Crocker wrote:
> > On 1/1/2014 7:11 PM, Ted Lemon wrote:
> >> We used to routinely handwave about security. We've gotten better
> >> about that. RFC3552 is why.
> >
> > No it's not.
> >
> > It's useful, but had nothing at all to do with the strategic change.
> > That came much earlier and was the result of policy changes in IESG
> > requirements on specs.
>
> Yes. As I mentioned in Vancouver, it was RFC 2316 that stated an aspiration
> and RFC 3365 that set technical requirements (whereas 3352 set writing
> requirements; I should have mentioned that too). Surely the present draft
> is only trying to state the aspiration - there's a lot more work to do before
> the rest is ready to publish.

And which stream, to use modern jargon, published RFC2316 and at what
status?

Gosh, shock horror:-)

Tom Petch

p.s.
2316 Report of the IAB Security Architecture Workshop. S. Bellovin.
     April 1998. (Format: TXT=19733 bytes) (Status: INFORMATIONAL)

>
> Brian
>
> >
> > The real lesson from that was the remarkably vague and obstructionist
> > process that took place for years, until we started getting concrete.
> >
> > The RFC is the result of that realization. In other words, it's not
> > that it enabled less handwaving but that the realization we needed to
> > stop handwaving that enabled it.
> >
> > Note that the current draft lacks any specificity and, therefore, leaves
> > us with a similar vagueness as we used to have about security
> > considerations.
> >
> > To repeat from earlier: the draft's goal and the draft are worthy for
> > pursuit, but we are currently clueless about how to apply it.
> >
> > Clueless.
> >
> > d/
> >
>