I don't understand the security concerns about "do not publish this." It's protected by transport level security, and it's encouraged to use application-level signing. It's machine readable, or easily parseable, and it makes it easier for people to report problems. Do we have a problem with over-reportage? Don't let the perfect be the enemy of the better. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
