Nor should we go about implementing something with complete disgregard to
the realities of how people expect to be able to secure things in the field.
While the points you make are certainly valid they don't diminish the value
to having actual authentication in the process.
Oh come on. We have our marching orders from the IETF already, I need
no further moral arguments about security or implications about
"complete disregard" - that's grandstanding. If you see a problem,
propose something concrete.
cheers
Bill
