Section 3 effectively rules out any requirement for security within a domain. I don't think that's right. In 5.8.7, confidentiality SHOULD be supported. The ability to listen to signaling channels is a major guide to what data channels are interesting. 5.9.2 is null. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)