On 05/01/2014 08:14, Stewart Bryant (stbryant) wrote:
>
> Sent from my iPad
>
>> On 4 Jan 2014, at 16:01, "Stephen Farrell" <stephen.farrell@xxxxxxxxx> wrote:
>>
>>> On 01/03/2014 08:36 PM, Stewart Bryant (stbryant) wrote:
>>> I have been wondering whether a simple update to "A Guide to Writing
>>> A Security Considerations Section" is all that is needed to address
>>> the problem in hand?
>> After a bit of offlist mail with Stewart, it turns out I had
>> misinterpreted the above.
>>
>> I now believe (haven't quite confirmed, but it's a fine idea
>> anyway so worth raising here) that what Stewart meant was
>> not to open up 3552 and add this text, (which'd take years) but
>> rather to make the RFC resulting from this draft be just another
>> part of BCP72 (aka RFC 3552).
>
> Yes, that is what I meant. An RFC that says updates RFC3552 in
> the top left corner, and provides advice on this security issue in
> the same manner and style that RFC3552 deals with all the other
> important security issues.

But, RFC 3552 has a lot of technical meat, and RFC 3365 has quite
specific technical content too. I don't see the present draft as
being in that category at all.

I agree that we need equivalents of those two RFCs for this issue.
There's technical analysis heading in that direction in RFC 6973
and there's draft-trammell-perpass-ppa, but work remains to be done.

    Brian