On Jan 1, 2014, at 6:07 PM, Melinda Shore
<melinda(_dot_)shore(_at_)gmail(_dot_)com> wrote:
> I'm sorry, but when we get to the point where we need to point to an
> RFC to stop progress on a document that has obvious vulnerabilities,
> our brains have fallen out.

This is counterfactual. We used to routinely handwave about security. We've
gotten better about that. RFC3552 is why. RFC3552 does not discuss the
threat of pervasive monitoring. So we need a document that does. This is
that document. RFC3552 is a BCP. It makes sense that this document would
also be a BCP. The fact that we needed RFC3552, and that we need this
document, is not evidence that our brains have fallen out. It is simply
evidence that it is good to state expectations formally rather than hoping that
everybody is on the same page but not making any attempt to actually get them
there.