On 1/31/11 6:51 PM, Cullen Jennings wrote:
So first, we already have a BCP that says more or less all protocols must
implement a secure version but deployment is optional. This is a good BCP,
and it comes from the right area to say that - security. It's probably
impacts design work in working groups more than any other BCP. It has IETF
consensus. The IESG holds protocols to this.
But this isn't only about IETF process. You just asked about why the
IETF is special and why 3GPP shouldn't be treated on equal footing.
Well, then what about ITU, ISO, W3C, and Joe's Standards Body?
Now - I am at loss to see why forcing people to use one port will make it
more likely to have secure protocols. This seems crazy. Please do enlighten
The vast majority of the requests I see have 0 security built in until I
ask the question. A few come back with a plan. Take away that lever
and I don't even get to ask the question.
And on the topic, I'm still looking forward to an explanation of how the
current CoAP design stomping all over the TLS code points would be an
I missed a step there? CoAP?
Ietf mailing list