On Fri, Sep 6, 2013 at 12:16 PM, SM <s...@resistor.net> wrote: > In a Last Call comment a few months ago it was mentioned that a > specification takes the stance that security is an optional feature. I > once watched a Security Area Director spend thirty minutes trying to > explain to a working group that security feature should be implemented. If > I recall correctly the working group was unconvinced. > > Would the community raise it as an issue during a Last Call if a proposed > protocol did not have strong security features? It's up to the reader to > determine the answer to that.
It is tragic if the community does understand strong encryption is essential in many cases (with the caveat that it is not a panacea for all security breaches) As for raising issues at the last-call. Why not ? The last-call is no different than any other mailing list discussion or going to the mic in a physical meeting. (Other than the urgency of having the last chance to comment ?) -- Vinayak
