Skip to main content

Optional Security Is Not An Option

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Brian Trammell
Last updated 2020-04-19 (Latest revision 2019-10-17)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document explores the common properties of optional security protocols and extensions, and notes that due to the base-rate fallacy and general issues with coordinated deployment of protocols under uncertain incentives, optional security protocols have proven difficult to deploy in practice. This document defines the problem, examines efforts to add optional security for routing, naming, and end-to-end transport, and extracts guidelines for future efforts to deploy optional security protocols based on successes and failures to date.


Brian Trammell

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)