On 05/01/2014 08:14, Stewart Bryant (stbryant) wrote:
Sent from my iPad
On 4 Jan 2014, at 16:01, "Stephen Farrell"
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
On 01/03/2014 08:36 PM, Stewart Bryant (stbryant) wrote:
I have been wondering whether a simple update to "A Guide to Writing
A Security Considerations Section" is all that is needed to address
the problem in hand?
After a bit of offlist mail with Stewart, it turns out I had
misinterpreted the above.
I now believe (haven't quite confirmed, but its a fine idea
anyway so worth raising here) that what Stewart meant was
not to open up 3552 and add this text, (which'd take years) but
rather to make the RFC resulting from this draft be just another
part of BCP72 (aka RFC 3552).
Yes, that is what I meant. An RFC that says updates RFC3552 in
the top left corner, and provides advise on this security issue in
the same manner and style that RFC3552 deals with all the other
important security issues.
But, RFC 3552 has a lot of technical meat, and RFC 3365 has quite
specific technical content too. I don't see the present draft as being
in that category at all.
I agree that we need equivalents of those two RFCs for this issue.
There's technical analysis heading in that direction in RFC 6973
and there's draft-trammell-perpass-ppa, but work remains to be done.
Brian
Brian