i have read this draft and followed the discussion on saag. i think it is a needed and worthwhile contribution. while i am especially fond of encrypt by default, it is important that inability to authenticate must not lead to cleartext when unauthenticated encryption is possible.

randy