I have a question about this. Are you producing a document with a known
deficiency that you intend to correct later in the standards process?
There is a difference between a deficiency and a security flaw. The desire
for passwords was brought up very late in the process, an indication that
there are not pressing market needs for it. It would be nice to have, but
there are significant technical issues, and thus Peter is proposing an
extension to CMS.
appears to me that making the change that has been suggested using the
extension mechanism after it has been released as PS would likely cause CMS
to move backwards in the standards process, and not forwards.
I don't understand why. The separate proposal does not have to be bound to
CMS. If we want to later bind it to CMS, we can postpone going from
Proposed Standard to Draft Standard by enough months to let the extension
catch up. Otherwise, they can independently move to Draft Standard. Both
are quite common in the IETF.
whole process would be substantially delayed.
Just the opposite: there is no delay at all.
You're better off correcting
the problem now with the "..." or extension mechanism or whatever as part
of WG last call, and moving on rather than attempting to correct it later,
and then being shifted back in the standardization process...
I respectfully disagree.
--Paul Hoffman, Director
--Internet Mail Consortium