On Wed, Dec 11, 2013 at 10:18 AM, Randy Bush <randy(_at_)psg(_dot_)com> wrote:
The IETF should absolutely try to make privacy/security a
_possibility_, and that's why every effort should offer the
_possibility_ of mitigation. That's as far as we should go.
how many documents say if you want priavcy use ipsec. that's been a
real winner for us, eh? i always leave open the possibility that cash
may fall from the sky.
More context: I said: "Regarding "where possible", since every
situation is different, I do
not think the IETF should try to find a balance, or say anything
universal about deployment."
I didn't mean we should just stop at making privacy possible, I meant
that in writing this document, we shouldn't try to make short
rule-of-thumb memes for what to do when. It's complicated. Trying to
encapsulate it in something as short as "where possible" doesn't work.
When you extend that to "unless that gets in the way of operations"
you open up more cans of worms. I tried to keep what I said above
short, and look where it got me.
Scott