Why can't all my routers do FOO ?

I'm trying to finish off the operational security requirements
draft (http://www.ietf.org/internet-drafts/draft-jones-opsec-01.txt)
which is a collection of operational security requirements for routers
and other network infrastructure. The last major change that needs
to happen is splitting out the Best Current Practice (BCP) info
from the other items. This is where I'd like some feedback.

If you're so motivated take 5 minutes to brainstorm two lists.
The first is "*security features* I use everywhere now" (logging,
aaa, filters...). The second is everything else: "I can't believe
no vendor does FOO...", "Vendor A does BAR, life/security would be so
much better if all vendors did it" etc. I'll take your lists
and try to correctly align them with the drafts.

If you're more motivated, you can see exactly which features have
migrated from the BCP draft (opsec-01a-toc.txt) to the "info"
draft (opsec-info-00.txt) by looking at the table of contents
of the work-in-progress drafts @ http://www.port111.com/opsec/

Replies can come to the list (preferred to avoid duplication, allow
discussion) or to me directly.

---George Jones