Hi, Eric, responding as an individual.

Obviously, I disagree with your basic claim that it is too early to write a document like this. I've asked the sponsoring AD to make a consensus call on whether we have sufficient support to be making this sort of statement. If not, then I'll be happy to take my document to the RFC Editor. However, I think it is completely pointless for us to argue about that particular issue: we're not going to agree.

I disagree that the references need to be significantly expanded. I am familiar with the work you cited in your message. If you would like to propose specific text that improves the document and cites those references, I'd like to consider your specific text suggestions.

It seems you have read the document and think I favor ZKPP protocols. It's certainly true that in a world without patents I think they would be interesting to explore. However, I wanted to discuss them mostly because I thought that the patent problem was important to turn out.

It's certainly true that I have thought about what solutions I'd like to see. I think the solutions will likely be in the challenge response at the HTTP level or TLS-PSK space. I think the primary concern will be what we can manage to get deployed, not protocol details. I've tried not to expose that too much in the document; I understand we disagree.

I would like to make some changes based on your comments. First, I would like to make a pass to improve the separation between user interface and protocol. I doubt I'll get to a level you'll be happy with. Second, I'd like to address your comment about WPE and enrollment. Finally, I see no problem correcting areas where I was less precise than you wished I had been. Examples of this include conflating the TLS and HTTPS layer in the introduction.

--Sam