Hi Very much support the draft and the idea of creating a BCP.
Have also appreciated the discussion on opportunistic encryption, which I consider akin to a holy grail. Been thinking about it in a DTN context for a while, but don't feel like I ever got very far. I am, however, looking at another part of the text. I appreciate that the requirements are a MUST and that reads well, but, doesn't including a statement "Note that this is contingent on practicality" really downgrade it to a SHOULD? I think that "really has to be sent in clear for a protocol to be able to operate" is too hand wavy as a guideline. Perhaps the draft could go deeper in the kinds of conditions that indicate that: a) it was really necessary - what are the reasonable conditions for necessity? b) an indication of what practical actions have been taken to avoid this insurmountable obstacle and a discussion of which particular requirements could not be met. c) a guideline that indications be given on how can these instances be mitigated This could well be a clue to what sort of information is needed to meet the requirement of explaining why the protocol does not fill the other requirements for protecting private data. While I think that perhaps that I should go a little further breaking down a-c above, Irealized I would not get this sent of for several weeks if I were to try and go further and actually recommend text on a-c above. avri _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
