(Top posting to save everyone time) For whatever it is worth, I find myself in complete agreement with Dave and with his statement of the issues. In particular, if our desire is to make a statement of concern (superficial or otherwise), we should do that and not wrap it in an apparently-technical document and/or set of commitments for which we can be held accountable for not delivering. If we actually do want to make commitments for action, this document is, at best, immature. The recent "where are the real threats" discussions about https and the roles of DNSSEC and various types of certification, including distinctions between data integrity and data quality for security purposes, reinforce that view. Personally, I favor the commitments for action but only if they are associated with a clear understanding and presentation (both tactical and strategic) of what we reasonably can do technically. I don't believe the value of expressions of concern beyond what was already demonstrated in Vancouver is sufficient to justify the costs of arriving at consensus on them. best, john --On Wednesday, December 11, 2013 09:15 -0800 Dave Crocker <dhc@xxxxxxxxxxxx> wrote: > On 12/9/2013 5:28 AM, Stephen Farrell wrote: >> >> The question essentially >> is how to cater for network management. I think the >> current text is fine, Eliot doesn't, > > The IETF has been bitten by the privacy-protection bug, which > is prompting extensive, serious activity on the topic. That's > excellent, of course. However the community is responding > with a sense of urgency about issuing policy statements that I > believe is precipitous. > > Policy statements need to represent more than a simple > assertion of a desire or goal. They need to consider > implications, carefully and relatively thoroughly. It's also > best if the statements are written with some attention to > likely misinterpretation. (For example, the current draft is > careful to explain its distinctive use of the word 'attack'; > while some readers will persist in misinterpreting the use, at > least the document makes itself clear.) >... > In other words, the community needs to take on a work item to > offer comments on the likely application of this draft to > technical efforts in the IETF, so that we can develop some > understanding of how the document will be useful (and how it > might be revised to avoid difficulties...) > > At that point, the document will represent a degree of > substantive, strategic technical thinking by the community, > rather than a more wistful and frankly superficial expression > of concern.