Yes. I thought that would be the NEXT step after this draft. But let's not skip this one. The next will take a bit of time, so let's publish this one so the world can see our position. Once the next one is done it can incorporate this one and obsolete it.
Scott
On Jan 4, 2014 2:15 PM, "Stewart Bryant (stbryant)" <stbryant@xxxxxxxxx> wrote:
Sent from my iPad
> On 4 Jan 2014, at 16:01, "Stephen Farrell" <stephen.farrell@xxxxxxxxx> wrote:
>
>
>
>> On 01/03/2014 08:36 PM, Stewart Bryant (stbryant) wrote:
>> I have been wondering whether a simple update to "A Guide to Writing
>> A Security Considerations Section" is all that is needed to address
>> the problem in hand?
>
> After a bit of offlist mail with Stewart, it turns out I had
> misinterpreted the above.
>
> I now believe (haven't quite confirmed, but its a fine idea
> anyway so worth raising here) that what Stewart meant was
> not to open up 3552 and add this text, (which'd take years) but
> rather to make the RFC resulting from this draft be just another
> part of BCP72 (aka RFC 3552).
Yes, that is what I meant. An RFC that says updates RFC3552 in
the top left corner, and provides advise on this security issue in
the same manner and style that RFC3552 deals with all the other
important security issues.
- Stewart
>
> (In case folks don't know, BCPs can be made up of multiple RFCs,
> e.g. BCP 10 [1] is like that.)
>
> I think that's quite an interesting idea, and would probably only
> require adding a sentence or two to relate this text to that in 3552
> (which is currently all of BCP72). I'd certainly have no problem
> were that the outcome.
>
> I guess that just might help folks with concerns that as a new BCP
> this might be over zealously applied.
>
> But I'm not sure - would that in fact help anyone with such concerns?
>
> Cheers,
> S.
>
> PS: This might make suggest a fine longer term plan to work on a
> broader revision of BCP72 as we better appreciate privacy concerns
> in general and pervasive monitoring.
>
> [1] http://tools.ietf.org/html/bcp10
>
>>
>> Stewart
>>
>> Sent from my iPad
>>
>>> On 3 Jan 2014, at 19:00, "Melinda Shore" <melinda.shore@xxxxxxxxx>
>>> wrote:
>>>
>>>> On 1/3/14 8:33 AM, Eric Rosen wrote: One has to look at the
>>>> likely impact of the draft, not merely at the intentions of the
>>>> authors.
>>>
>>> I don't know if I'd use "likely" here but I definitely think the
>>> IETF should be somewhat more thoughtful about "possible."
>>>
>>> I've been trying to figure out if there's a way forward that
>>> doesn't involve bulldozing the dissenters. Personally, I'd be fine
>>> with publishing it as informational or experimental, or if the
>>> document provided a lot more clarity about the basis for review
>>> (along the lines of 3552).
>>>
>>> Melinda
>>