Regarding "where possible", since every situation is different, I do
not think the IETF should try to find a balance, or say anything
universal about deployment. There is no position that will work for
everyone. The IETF should absolutely try to make privacy/security a
_possibility_, and that's why every effort should offer the
_possibility_ of mitigation. That's as far as we should go.