ietf-openpgp

Re: do security recommendations belong in standard?

1997-10-30 16:28:00

Rick Smith <smith(_at_)securecomputing(_dot_)com> writes:
RFCs traditionally have that special section at the end called "Security."
Instead of the traditional phrase "This whole RFC is about security"

Well isn't it? :-)

perhaps that is the right place to put security recommendations. This would
be more in line with other RFCs, wouldn't it?

Also, this would reflect a (previously misplaced and sorely missed)
recognition of the difference between security and security mechanisms.

So long as the importance of adherence to security recommendations is
clear; ignoring them entirely could lead to some bizarrely insecure
implementations which could legitimately claim to be OpenPGP
compliant.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`