OPEN ISSUE: Standards Track

[Keith Moore]

> _nobody_ claims that AH and ESP were insecure because they
> were standardized without key distribution. 

not insecure, just useless.  and the fallback to bare IP _is_ insecure.

I'd also claim that IPsec implementation in hosts is useless without an
API that allows apps to determine the validity of their peers'
credentials...

maybe this is another illustration that we don't really try to
understand the full scope of the problem until it gets to IESG.
and it's hardly surprising if IESG does a poor job of fixing that.