On 30/01/2014 08:46, Brian E Carpenter wrote:
> On 30/01/2014 05:15, Scott Brim wrote:
>> On Wed, Jan 29, 2014 at 10:57 AM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote:
>>
>>> I take your suggestion to reduce to a simple guideline:
>>>
>>>    The default applicability for an IETF specification is the 'open'
>>>    Internet. Any specification intended for more constrained use needs to
>>>    describe the constraints. One means of achieving this can be an
>>>    "Applicability" section in the specification, with a description of
>>>    intended use.
>>
>> +1. Where would you put it?
>>
>
> IMHO it should have been in RFC 1958, and I'm embarrassed that
> we missed this point back in 1996, because it's so fundamental.
> I have a tickle at the back of my brain, because I think there
> is text somewhere about how solutions designed for local use
> have a nasty habit of appearing on the open Internet and
> causing trouble, but I can't find it.

grep found this in RFC 3365 (BCP 61):

   History has shown that applications that operate using the TCP/IP
   Protocol Suite wind up being used over the Internet. This is true
   even when the original application was not envisioned to be used in a
   "wide area" Internet environment. If an application isn't designed
   to provide security, users of the application discover that they are
   vulnerable to attack.

   Brian