On 22 Nov 2016, at 21:25, Michael StJohns <mstjohns@xxxxxxxxxxx> wrote: > > Is it time to revise BCP72/RFC3522 to require we also address threats *from* the protocols to the Internet as a whole? Indeed. We did some of this in the security considerations of RFC 7252 (e.g., section 11.3 and 11.5). A catalog of issues to consider would certainly help in writing future security considerations sections. https://tools.ietf.org/html/rfc7252#section-11.3 https://tools.ietf.org/html/rfc7252#section-11.5 Grüße, Carsten