Hi,
On 2009-4-15, at 17:47, Todd Glassey wrote:
Lars Eggert wrote:
Nothing would be "tested", the IETF isn't in the business of auditing
TCP stacks.
Yo Lars Good-morning, let me respond. "Sure it is..." let me amplify -
Don't the IETF standards processes "require the development of two or
more independent implementations of any given protocol specification
and
the associated interoperability testing to document that the suite
runs
as advertised in the specification?"
this is required when moving from Proposed Standard to Draft Standard.
(Also, what RFC are you quoting in the previous paragraph?) This
doesn't apply to the document we're discussing here, because:
What we're talking about is describing attack vectors, potential
countermeasures and the the impact (downsides) those countermeasures
might come with. Implementors will need to decide for themselves if
and how to apply any of these techniques to their stacks.
Which would be filed as a Use Case Document as a set lf BCP's for a
protocol stanadard. This by the way is where the real value of the
IETF
comes in - in also telling people how to and how not to use these
protocols.
Yes, it is likely that whatever the outcome is, the document would be
published as Informational or BCP.
Lars
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf