RE: IAB draft on security

At 05:02 PM 7/27/1999 -0700, Dave Crocker wrote:
>I don't agree.
>In effect, 1984 makes a set of cases about general issues.  It's entirely 
>I think that something which analyses current detail would be appropriate.

I fully agree with Dave.

The question of "what about export rules" come up so often in various 
security debates that it really should be dealt with in the secmech 
document. Two or three paragraphs explaining why the IETF rules were 
adopted, what has transpired since RFC 1984 that have shown the rules to be 
good ones, and advice to implementors who are faced with legal issues 
implementing the mechanisms described in secmech would go a long way to 
getting security actually implemented correctly.

We're not trying to change the laws here, simply to explain why we are not 
paying attention to some transient local laws when we design protocols with 

--Paul Hoffman, Director
--Internet Mail Consortium

Received on Wednesday, 28 July 1999 12:48:40 UTC