I have recently started looking at this NG. I saw some postings on "Security"
and some thoughts expressed on the subject. May be this is not the right forum
for it, but I will say on the subject; and may be we can move it to another
dedicated active IETF place for security discussion if one exists.
I have quickly combed the IETF site for Security work. It seems distributed in
various places, not interrelated in an obviously coherent way. For instance I
found the following.
o- A security Area, and an IPsec Policy WG within it.
o- A Policy Framework WG within the Ops and Mngmt area; and some work
on QoS Policy within it.
There are perhaps historical reasons for this, but no obvious rationale.
It would seem to make sense if there were a Security Policy working group; and
IPSec Policy would extend that work as a particular instance. It is just as the
Policy Framework is extended (particularized) by the IPSec Policy or QoS
Policy. This would determine a bigger scope for Security work at IP layer but
not tie it, at the outset, to a particular protocol like IPSec at that layer.
Thanks and Regards
Rahim
Note: My thoughts are personal to myself, and do not represent my employer.