Melinda, On 01/02/2014 04:34 AM, Melinda Shore wrote: > On 1/1/14 7:06 PM, Dave Crocker wrote: >> I fear that we are indulging in a cause/effect error. The probably >> reason we aren't pursuing needed specifics is that we don't know how to. > > That may be the case, and that this draft is a Something Must > Be Done document. That is fine, and we all more-or-less seem > to be in agreement that something must be done. I think, > however, that a Something Must Be Done document probably does > not belong on the standards track. A This is What We'll Do > document does. Concern about unforeseen consequences from > publishing a vague document seems appropriate to me. The draft is not vague. Its high-level, which is quite different. If there are parts that are vague please point those out and we can try to fix them. Waiting until we have a set of (not one!) this-is-what-we'll-do documents would be a bad outcome for at least the reasons I outlined in response to Dave just now. Calling this a "Something Must Be Done" document seems needlessly dismissive. Can you say how that's intended to help? I think we have a proof by demonstration that we have not sufficiently considered this attack. The proposed BCP is a first, high-level step in remedying that situation. And if we can get WGs to properly consider the attack to be a real current practice, then the draft will become a fine BCP in all senses of the term. S. > > Melinda > > >