On Mon, May 27, 2013 at 7:54 PM, Randy Bush <randy(_at_)psg(_dot_)com> wrote:
while i appreciate joe's listening to my other comments on the draft, i
still strongly object to publication of this draft as an rfc for the
reasons made very clear in the sec cons. please read the summary
section of rfc 2804.
While the RFC should not be materially misleading, I don't think there
is a requirement for Informational RFCs to guarantee any particular
level or security or privacy.
RFC 2804 is about the security of communications content, not the
security of statically stored address information. I'm not denying the
applicability of some security considerations, I'm just saying that
RFC 2804 doesn't seem to me to be particularly applicable. In any
case, the final part of the summary section of RFC 2804 calls for the
publication of specifications that might affect security.
Thanks,
Donald
=============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3(_at_)gmail(_dot_)com
randy