On Mon, Jul 28, 2014 at 11:04:50PM +0100, ianG wrote: > Having re-read the responses I think the term that comes closest is > "all-or-nothing". But even that doesn't seem to capture all of it, > because "all" isn't what they achieve, they are quite conscious of > ignoring certain threats such as tracking or DOS. > > Perhaps "high bar" security or "fixed bar" security? The flaw with much > work in the past is that the bar was set high, and those who failed to > leap it where knocked back. So they walked around. I like "all or nothing", "all" here is sensibly read as "everything implemented", not "everything possible". Thus simply a binary choice. However, in trying to work this into the text I am finding that it becomes more verbose, and spends too much time on inessential details. Perhaps this is just failure to craft the right text on my part, but I am having a hard time actually improving the text overall, even though "all or nothing" is perhaps better than "strong". There is a tension here between a quick informal description of existing practice, that should be clear to most, with a clear focus on the new model, and a more accurate/detailed description of past practice, that might detract from the focus of the document. Is anyone willing to take the time to carefully update the Introduction to find the sweet spot between the current cursory nod to the past on one extreme, and potentially an overly elaborute detour on the other? I tried a couple of times, but have not yet succeeded. Writers block and shortage of cycles perhaps... I think that if we change nothing, though the document could likely be improved, that the improvements are inessential. Perhaps we can leave well enough alone? -- Viktor.