On 01/02/2014 01:26 PM, Scott Brim wrote: > On Jan 2, 2014 8:18 AM, "Stephen Farrell" <stephen.farrell@xxxxxxxxx> wrote: >> And so with this one - stating only the high level requirement >> is the right thing to do for now > > Would it be better to leave this one informational and not make it a BCP? > There's extremely little in it that is Practice. The next level down is > where we would add more specific guidelines and BCPs. See the quote from 2026 in my response to Dave - what is wrong with following that and making a statement of principle as a BCP? There should be no need for all BCPs to have lots and lots of detail surely. And FWIW, I do think it'll be easier to get WGs to properly consider the attack/threats if this is a BCP. I also think it'll be cleaner to update as a BCP, if and when we wanted to add more detail, but that's a minor detail. S.