I agree with those who've said a threat analysis is needed before
deciding access is limited to TLS or other secure alternative.
But we have that threat analysis, and the recommended mitigation is precisely
"encrypt everything." The "pervasive monitoring" threat is analyzed by a number
of perpass drafts, and Stephen has merely followed the conclusions of that
analysis. There is no need to repeat that analysis for each and every tool that
the IETF produces, and there is indeed a need for the IETF as a whole to "lead
by example."
-- Christian Huitema