> We should not approve an IETF policy statement
> until we have a good idea of the way we will use it.

I'm struggling a bit with this statement -- it seems just as broad as the draft under discussion, and just as much of a "policy" as the draft under discussion. What does a "good idea," actually mean? That we have a fairly well defined way to accomplish any particular goal before going about stating those goals? That we should not go about trying to accomplish something until we already have a good idea of how to accomplish it?

If so, I don't think this is a good result. The point of engineering seems, to me, to be that you choose a goal, then you find a way to get to that goal. You might, on stating the goal, find there's no obvious way to fulfill the goal, but that's when you turn to research and lots of thinking, rather than simply declaring the goal unreachable, and hence not worth articulating.

As for the politics piece -- I don't read this draft as political. The problem is, rather, a more practical one -- if the Internet is made up of systems and protocols that are essentially completely open to anyone reading anything you send, post, or otherwise place into an IETF designed protocol at any time by anyone, then the Internet isn't a place where anyone is going to want to actually do much of anything at all. The general objections to this are twofold:

- If you've not done anything wrong, you have nothing to hide. Refuted on multiple occasions. You can begin by observing that "wrong," is, in the modern world (and unfortunately), a completely relative term. It might mean something completely different tomorrow than what it means today, but the electronic record, as things stand today, is generally permanent.

- If you don't want to hide it, then don't put it on the Internet. Ten years ago, no-one thought information about who your friends are (or what you eat for dinner on a regular basis) had any economic worth. Today, this information is considered valuable, and hence information you might actually want to be careful to control in some way. What will suddenly be discovered to be valuable in ten years' time? We can't even guess, so the better statement is -- you should hide everything unless you've made a conscious decision to unhide it. The default shouldn't be, "let everyone see," the default should be, "let no-one see."

There is an elephant in the room that I think needs to be brought out and recognized: people don't make millions/billions on this information just by knowing it. No-one pays a search engine provider to find out what's in your email just because they want to know. They pay to know what's in your email so they can (hopefully) change your behavior in some way (buy this rather than that, you need that even though you hadn't thought of it before), or your beliefs (vote for Joe rather than John).

We are playing with something that's more than just "I don't want people to know stuff about me," here. This comes down to a fundamental level of trust -- who am I revealing information to that might be used to shape my thoughts and actions in the future, and how can I control the revelation of that information?

The fact is that the IETF has designed a suite of protocols that are mostly unsecure, and widely used in a world where we're just starting to see the importance of security around not only your credit card number, but also your address book. That the IETF should make a statement saying, "we seem to have something backwards here, and it's about time we reverse our assumptions," isn't a political statement at all -- it's a facing of reality.

That the facing of reality has come about through any particular political situation shouldn't imply that the statement is generally political -- reacting to a political situation with a statement of a change in policy isn't a political reaction, nor even (necessarily) a reaction against the politics. Rather, it's just saying, "hey, we didn't think about this problem before now, but now that we've thought about it, we need to set some new goals."

Don't confuse the on list argument about politics with the actual point of the draft; they're two different things entirely.

Anyway, that's my 2c. I've read the opposing arguments, and I'm still in support of this draft.

Russ