On 2015-11-26 09:08, "Carsten Bormann" <cabo@xxxxxxx> wrote: >Göran Selander wrote: >> we should >> not ignore these security issues in new standards. > >Definitely, we shouldn't ignore these security issues when defining new >standards. > >Now why is this a comment on the IETF last-call for an existing >specification? I’m sorry if you find this comment coming a bit late. Let me expand on the history. As mentioned the object security work has been going on since a year starting with CoAP. When turning to the other drafts in the CoAP suite, we couldn't understand how blockwise works with proxies from the draft and asked the question to the CORE list (June). The only answer we got was actually wrong, in the sense that it gave the impression that this is not a proxy operation that would be of any use - an indication that blockwise proxy operations, although not invented yesterday, has not been well understood. It was not until the social event in Prague (July) where we learnt (in private conversation) that this is not a corner case. In the mail discussion that follow on the CoRE list I formulate this problem as a question to you but I don’t get any answer (Sept. 2). In the CORE WG f2f meeting in Yokohama I raised the issue with blockwise and proposed solution in my presentation (Nov. 5), but there is no comment. That is why this is a comment on the IETF last-call. Göran