> From: Jeffrey Hutzelman [mailto:jhutz@xxxxxxx] > No, we don't. We just need to discourage the practice of > waiting to write such a document until after protocol design > is complete, rather than doing it first. That depends. Take the recently renamed WAE. The original idea of this group was to go after phishing. I work on phishing every day, I think they would do far better and produce something with much more immediate impact by instead applying their technology to the problem of Internet pedophiles. Changing bank authentication infrastructure is hard and the liability issues are savage. Bottom up work is what this particular community does best. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf