Protocol designers, I beg you to include an actual security design document with your designs, there is no reasonable way for me to verify your security choices if you don't tell me why they are made!

I literally cannot use your protocol for anything serious (read: something that marginalized people will be using) if you don't tick this box, no matter how nice your website or conference talk is