On Wed, Jan 1, 2014 at 4:18 PM, Melinda Shore
<melinda(_dot_)shore(_at_)gmail(_dot_)com> wrote:
I'd actually be fine with experimental, to the extent that it
provided background for some experiments with trying to find
a workable framework for evaluating snoop-resistance in IETF
specifications. I'm less good with publishing a BCP that's
neither "best" nor "current" nor "practice."
I don't believe finding a "framework for evaluating snoop-resistance
in IETF specifications" describes the goal. That would be very very
difficult. Providing background for such an effort? Sure, but again I
don't think that's a primary goal. We want to establish guidelines for
WGs in doing security considerations ... but IMHO specific statements
of guidelines are beyond the scope of this draft. I believe this draft
is just establishing a fundamental principle on which to take the next
steps. Maybe it should just be informational because there's very
little actual practice in it?
Scott