On 01/03/2014 08:36 PM, Stewart Bryant (stbryant) wrote: > I have been wondering whether a simple update to "A Guide to Writing > A Security Considerations Section" is all that is needed to address > the problem in hand? After a bit of offlist mail with Stewart, it turns out I had misinterpreted the above. I now believe (haven't quite confirmed, but its a fine idea anyway so worth raising here) that what Stewart meant was not to open up 3552 and add this text, (which'd take years) but rather to make the RFC resulting from this draft be just another part of BCP72 (aka RFC 3552). (In case folks don't know, BCPs can be made up of multiple RFCs, e.g. BCP 10 [1] is like that.) I think that's quite an interesting idea, and would probably only require adding a sentence or two to relate this text to that in 3552 (which is currently all of BCP72). I'd certainly have no problem were that the outcome. I guess that just might help folks with concerns that as a new BCP this might be over zealously applied. But I'm not sure - would that in fact help anyone with such concerns? Cheers, S. PS: This might make suggest a fine longer term plan to work on a broader revision of BCP72 as we better appreciate privacy concerns in general and pervasive monitoring. [1] http://tools.ietf.org/html/bcp10 > > Stewart > > Sent from my iPad > >> On 3 Jan 2014, at 19:00, "Melinda Shore" <melinda.shore@xxxxxxxxx> >> wrote: >> >>> On 1/3/14 8:33 AM, Eric Rosen wrote: One has to look at the >>> likely impact of the draft, not merely at the intentions of the >>> authors. >> >> I don't know if I'd use "likely" here but I definitely think the >> IETF should be somewhat more thoughtful about "possible." >> >> I've been trying to figure out if there's a way forward that >> doesn't involve bulldozing the dissenters. Personally, I'd be fine >> with publishing it as informational or experimental, or if the >> document provided a lot more clarity about the basis for review >> (along the lines of 3552). >> >> Melinda >> >