> The main problem is that: privacy issues are deeper than that, the > question could be misunderstood without a larger context, and there's > already a set of documents discussing most of that larger context (RFC > 6973, the perpass problem statement draft, etc.). > > The Document Shepherd Write-Up currently doesn't reference security > guidelines directly. Instead of asking a few specific questions in the > shepherd's writeup as you suggest, consider adding the privacy/perpass > docs to BCP 72 (which already includes RFC 3552) as they are approved, > and then optionally add a question to the shepherd's writeup that > refers to it, in order to emphasize the increased attention to the > issue. FWIW, I do not feel strongly about this topic but my personal opinion is that if we do something with the shepherd write-up, it should be on the general level outlined by Scott above. (But I think the documents themselves are more important than the write-ups. A few years down the road, I'm sure the reader like to know what the thinking on security was on such and such RFC. On any aspect of security, PM or otherwise. When there's something to say, of course, which isn't always.) Jari