Göran Selander wrote:
> we should
> not ignore these security issues in new standards.

Definitely, we shouldn't ignore these security issues when defining new standards.

Now why is this a comment on the IETF last-call for an existing specification?

It's not like Block was invented yesterday and people are still figuring out how to implement it. For years, it has actually been part of a number of specifications that were derived from the CoAP specifications. It isn't very likely that spending another year or two on finding out what specific mandates on proxies might possibly make life a bit easier for a new object security specification would have any influence on today's CoAP implementations.

When you have found out what is needed, write what you need into that object security specification. Document the level of backwards compatibility achieved (hint: You may want to carefully define your objectives here).

(And don't forget that you should be solving the problem for cross-protocol proxies as well.)

Greetings, Carsten

<not wearing chair hat today because I happen to be the author of that specification>