Phillip Hallam-Bakerwrote: ... > The reason I keep coming back to the data level security issue is that > > 1) It is in scope for IETF. Data level security protects data at rest and > in motion. > > 2) There have been recent expiries and are imminent pending expiries > of key IPR that makes a solution much easier. > Clearly that statement is self-contradictory. If the IPR has existed long enough to be at expire, the 'easier solution' has existed for a long time. The choice of not using it is simply a cost issue. If people don't believe protecting the data is worth the cost, the data will be exposed. > 3) It is one of the things we can fix that has the greatest security payoff. > You can "improve" it, but you will never "fix" it. As long as humans have to interact with the data, there has to be a mechanism to expose the data, and that mechanism will always be vulnerable to compromise. Tony