once you hand security the keys to your organisation, it's no longer your organisation. I am unsurprised by the increasing speed of security moves here (really, security policy matters; policy is easy to push. governments do it all the time) and the increasing slowness of everything else. (it's been twenty years since RFC1323bis kicked off. Don't hold your breath.) Lloyd Wood http://sat-net.com/L.Wood/dtn I was right in warning about DTN. Seems I''m right in warning about this. right? ________________________________________ From: ietf [ietf-bounces@xxxxxxxx] On Behalf Of Stewart Bryant [stbryant@xxxxxxxxx] Sent: 07 April 2014 15:24 To: John C Klensin; Ted Lemon; Stephen Farrell Cc: Tim Bray; IETF-Discussion; The IESG Subject: Re: Security for various IETF services On 07/04/2014 15:02, John C Klensin wrote: > As to the core proposal, unlike SM, I would like to see each new > application that someone proposes to be accessible through "secure" > means only discussed one at a time. I concur with John. > My fear of the whole Prepass effort was that it would be used in "we > approved that, therefore we can and should do this without further > discussion" arguments. I just thought it would take a few years to get > to that point. That was the root of my object to the publication of the Attack RFC. - Stewart