On Wed, Jan 1, 2014 at 4:18 PM, Melinda Shore <melinda.shore@xxxxxxxxx> wrote: > I'd actually be fine with experimental, to the extent that it > provided background for some experiments with trying to find > a workable framework for evaluating snoop-resistance in IETF > specifications. I'm less good with publishing a BCP that's > neither "best" nor "current" nor "practice." I don't believe finding a "framework for evaluating snoop-resistance in IETF specifications" describes the goal. That would be very very difficult. Providing background for such an effort? Sure, but again I don't think that's a primary goal. We want to establish guidelines for WGs in doing security considerations ... but IMHO specific statements of guidelines are beyond the scope of this draft. I believe this draft is just establishing a fundamental principle on which to take the next steps. Maybe it should just be informational because there's very little actual practice in it? Scott