The fact that the "Security and privacy considerations" and the "Accessibility considerations" sections are completely blank in this proposal is delightful meta commentary on the state of the AI hype cycle. I know it's just a draft so far, but it got a laugh out of me.

I'm struggling to think of a good entry under those sections, what did you have in mind?

For accessibility, that's a client consideration typically, the agent using the MCP server would be responsible for making its output accessible. I don't think the intention is to let webapps define how their output is displayed to end users, but to define outputs for agents instead.

For security, other than what the MCP protocol itself provides, what should be defined?

I think it's a draft, there is still discussion about it, they might not have reached a point where there consensus for those categories. But I'm curious to hear your thoughts.

don't worry in a few weeks they'll have AI generate some policies for them to skim!

This stuck out to me. What a joke.