Discussed during interop test triage:
1) It is unclear how the service capability GSESetting.McSecurity rep. SMVSetting.McSecurity are to be understood.
Do they apply to L2 Multicast messages or to L2 and Routable as well.
2) It is unclear how the property securityEnable at the GSEControl resp. SampledValueControl works during te configuration: KDC responsible for distributing the Key determines if encription is selected or not. Does the KDC configuration superseeds the SCL configuration?
Proposal
For 1) it makes sense to indicate that the service capability applies to L2 only, as security is mandated per Part 61850-8-1 for Routable protocol, and 62351-6 is mandating both signature and encryption for Routable protocol. Therefore there is no need to expose securit support for Routable in the capability
2) Probably, subscribers needs to be aware that security is enabled at a message - as per 62351-6 - to verify that the received message is fulfilling the security configuration. A boolean instead of an enumeration would be sufficient.