On 08/12/2015 11:02 PM, Roy T. Fielding wrote: > The reason I read it that way is because, in fact, none of the protocols > we developed at that time actually required strong cryptography. They > just assumed you would layer the right amount of cryptography underneath, > using one of the (at that time) non-IETF security protocols with appropriate > patent and export licensing. I was in the room at the Danvers plenary, and that was not the impression I got. In particular, at that time many people believed very strongly that IPSEC, an IETF protocol, would be THE most useful tool for achieving security, once it was finished. Other RFCs at the time included RFC 1968, the PPP Encryption Control Protocol, RFC 1969, the PPP DES Encryption Protocol, and RFC 1964, the Kerberos Version 5 GSS-API mechanism. A cynic would say that they were just making different wrong assumption from the one Roy observed, but people seemed to strongly believe that the IETF was developing protocols that required strong cryptography. -- Surveillance is pervasive. Go Dark.