On Thu, Jan 16, 2014 at 2:16 AM, Eliot Lear <lear@xxxxxxxxx> wrote:
>
> On 1/15/14 5:40 PM, Sam Hartman wrote:
>>>>>>> "Eliot" == Eliot Lear <lear@xxxxxxxxx> writes:
>
>>
>> I absolutely agree that general guidance of this form would be valuable
>> either in some general security BCP that the other security BCPs
>> reference or restated in the security BCPs.
>
> It is a basic precept of engineering that the earlier you spot a design
> flaw, the less costly it is to address. We needn't teach such basic
> precepts in our series.

Then where should they be taught? Personally I prefer having the fundamentals taught again and again rather than being in a single place that most people have forgotten about. There are new people in the IETF all the time, many of whom are new to this level of design. I don't want to depend on ad hoc osmosis and "common knowledge" to get the basic principles across.

>> we're not working on such a BCP now, so I'm trying to add the advice I
>> need to this BCP in order for it to work for me as a WG chair and
>> document author.
>
> And as a working group chair you must balance ALL considerations and not
> just this one.

Yes of course.

>> It's not so much a truism that we all agree to it. I've definitely
>> worked with WGs that didn't want to consider these sorts of issues when
>> choosing technology and didn't seem to agree that they had to.
>
> And I've seen participants all but derail working groups by solely
> focusing on one design consideration.

If I'm understanding correctly, you're echoing the concern expressed a week or two ago that the Security ADs were being given a Big Hammer and tyrannical authority over every working group. No one is saying this is the only architectural consideration - we have other RFCs on protocol architecture. The text just says it really should be considered. No?

Thanks ...
Scott