Melinda,
On 01/02/2014 04:34 AM, Melinda Shore wrote:
On 1/1/14 7:06 PM, Dave Crocker wrote:
I fear that we are indulging in a cause/effect error. The probably
reason we aren't pursuing needed specifics is that we don't know how to.
That may be the case, and that this draft is a Something Must
Be Done document. That is fine, and we all more-or-less seem
to be in agreement that something must be done. I think,
however, that a Something Must Be Done document probably does
not belong on the standards track. A This is What We'll Do
document does. Concern about unforeseen consequences from
publishing a vague document seems appropriate to me.
The draft is not vague. Its high-level, which is quite
different. If there are parts that are vague please point
those out and we can try to fix them.
Waiting until we have a set of (not one!) this-is-what-we'll-do
documents would be a bad outcome for at least the reasons I
outlined in response to Dave just now.
Calling this a "Something Must Be Done" document seems
needlessly dismissive. Can you say how that's intended to
help?
I think we have a proof by demonstration that we have not
sufficiently considered this attack. The proposed BCP is
a first, high-level step in remedying that situation. And
if we can get WGs to properly consider the attack to be a
real current practice, then the draft will become a fine
BCP in all senses of the term.
S.
Melinda