I don't think I agree with this.
On Jun 21, 2010, at 6:45 PM, Martin Rex wrote:
I would prefer if the IETF retains the third level and puts an emphasis
on cutting down on protocol feature bloat when going from draft to
You want to be very careful cutting down on feature bloat. Some people may be
using those features you consider "bloat". The right time to cut down on bloat
is before publication of the original RFC. That's when it gets the most
scrutiny, and that's the time to tell the author(s) that certain features
should either clearly be OPTIONAL (aka MAY), or cut out entirely and placed in
an extension document that may or may not later be advanced in maturity level.
What I see happening is that Proposed Standards often start out with
a lot of (unnecessary) features, and some of them even inappropriately
labelled as "MUST implement".
Perhaps this should explicitly be part of the review process. Think of a
minimal implementation, and make sure all the features it doesn't need are
The draft standard only does some interop testing on a small number
of implementations, not unlikely those participating the standardization
process. It neither addresses what subset other implementations implement
and what subset is actually necessary for the general use case in the
The small group of those participating in the standardization process doesn't
necessarily change later. Even if more implementers have joined the fray, they
don't necessarily come to the IETF. Their "contribution" is only reflected in
"horror stories" from the same implementers of the original standard.
With the TLS renegotiation thing late last year, some people thought that five
leading implementations were responsible for almost all of TLS. It later turned
out that there were dozens of implementations in active use. And yet, most of
these implementers either don't participate in the TLS WG, or don't identify as
such. I had no idea SAP had their own TLS implementation, although you had
participated in the TLS WG for a while, and I have never said anything about
Check Point's TLS implementation.
One of the worst feature bloat examples is PKIX.
It contains an awkward huge number of features that a number of
implementations do not support -- and work happily without.
There should either be a split of e.g. 5280 into a "basic profile"
and a "advanced feature profile", or the status for some of the
extensions should be fixed from "MUST implement" to "SHOULD implement"
to match the real world and real necessity.
I don't like SHOULDs that only a small subset implement. Advanced features
beyond the basic profile should not be an all-or-nothing thing like an
"advanced feature profile" implies.
Ietf mailing list