I read the draft as giving de facto control of all IETF output to the security directorate. Which I would regard as an attack on the IETF... Lloyd Wood http://sat-net.com/L.Wood/ ________________________________________ From: ietf [ietf-bounces@xxxxxxxx] On Behalf Of Stephen Farrell [stephen.farrell@xxxxxxxxx] Sent: 11 December 2013 21:19 To: John C Klensin; Brian E Carpenter; ietf@xxxxxxxx Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice I've a question about the relevance of your comment John: On 12/11/2013 08:53 PM, John C Klensin wrote: > if encryption > were pervasive The draft in question does not call for that. It calls for proper consideration of the pervasive monitoring attack and work to mitigate that. Use of encryption for confidentiality will be a relevant mitigation for various protocols, but to comment as if this draft called for ubiquitous confidentiality seems very odd if one has read the draft. John - can you say what part of the draft caused you to incorrectly conclude that "pervasive encryption" (whatever that means) is even being discussed never mind recommended? Thanks, S.