Date: 2005-06-23 12:45
From: Ned Freed <ned(_dot_)freed(_at_)mrochek(_dot_)com>
Which in turn works because there are always security considerations - the
closest thing to valid empty security considerations section we have is one
that says "this entire document is about security". A section that simply
says
"there are no security considerations here" is invalid on its face and
indicates insufficient review has been done.
Possible counterexamples:
RFC 2234:
Security is truly believed to be irrelevant to this document.
I remember this one. The validity of this statement was in fact questioned and
discussed.
RFC 3935:
Considering security is one of the core principles of sound network
engineering for the Internet. Apart from that, it's not relevant to
this memo.
First, saying that "security is a core principle" is hardly equivalent to
saying "there are no security considerations". In fact it is pretty much the
opposite.
Second, I actually think this is a case where some discussion of how security
relates to the mission of the IETF would actually have been appropriate. Had I
been on the IESG at the time I would have voted DISCUSS on this one, but
because the section is IMO incomplete, not because it says there are no
security considerations.
In any case, you've found one document where there arguably were no security
considerations. Fine, so I should have said "almost always" instead of
"always". It's still a red flag when a document says there's aren't any
security considerations because such documents are rare. But documents
not having IANA considerations are very common, so the same princples
don't apply.
Ned
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf