Dan, again, with the text as it stands, what attacks do you see permitted by these requirements that you believe should not be permitted. The text changes you proposed were considered but are rather problematic for existing protocols. I don't think we mind mandating changing protocols for real problems but we do mind doing so if we cannot understand the problem we're solving. I do agree that the proposed changes would be better using RFC 2119 language. If the authors want to fix that in auth48, I'll permit the change. However I think the language is clear enough that it is a requirement now so I will not hold up the document for that. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf