It is a shame that this opportunity was not taken to highlight the need
for authentication. Having a totally secure channel with perfect
encryption is of little value if the other end of the channel is a
hostile power.
RFC3365, which you cite, gets in right (of course!). It lists three
requirements and top of the list - Authentication service. It may of
course be that the author was only putting the requirements in
alphabetic order but whatever the reason, the emphasis is appropriate.
Tom Petch
----- Original Message -----
From: "IETF Chair" <chair(_at_)ietf(_dot_)org>
To: <ietf(_at_)ietf(_dot_)org>; <ietf-announce(_at_)ietf(_dot_)org>
Sent: Sunday, September 08, 2013 10:53 PM
Here are some thoughts on reports related to wide-spread monitoring and
potential impacts on Internet standards, from me and Stephen Farrell:
http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/
Comments appreciated, as always.
Jari & Stephen