Phillip - All -
the inclusion of critical Use Guidelines are critical to creating real
standards as opposed to general purpose recommendations. The other side of
the coin is in including value - and the Trust wants its IP to be worth as
much as possible. That said it is totally reasonable to require these use
document additions to RFC's and I-D's for new initiatives IMHO.
Todd
----- Original Message -----
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
To: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>; "Hadmut Danisch"
<hadmut(_at_)danisch(_dot_)de>; <ietf(_at_)ietf(_dot_)org>
Cc: <rfc-editor(_at_)rfc-editor(_dot_)org>
Sent: Wednesday, July 26, 2006 10:37 AM
Subject: RE: Mandatory numeric examples in crypto-RFCs?
It has been pointed out to me that the second sentence is unintentionally
ambiguous.
The point I was making is that when the spec has the examples included it is
much more likely to result in successful interop than the case where the
spec has no examples.
Although I generated the initial examples the ones in the final spec were
generated by Tommy Lindberg after I moved on to another project.
-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker(_at_)verisign(_dot_)com]
Sent: Wednesday, July 26, 2006 12:17 PM
To: Hadmut Danisch; ietf(_at_)ietf(_dot_)org
Cc: rfc-editor(_at_)rfc-editor(_dot_)org
Subject: RE: Mandatory numeric examples in crypto-RFCs?
I provided these examples in XKMS and the general feedback on
doing so was very positive. We found that implementations
were much more likely to interop having been written from the
spec alone than without the examples. It also helped identify
ambiguities in the specification as people reported
ambiguities in the text where they resorted to the examples
for checking.
-----Original Message-----
From: Hadmut Danisch [mailto:hadmut(_at_)danisch(_dot_)de]
Sent: Wednesday, July 26, 2006 10:41 AM
To: ietf(_at_)ietf(_dot_)org
Cc: rfc-editor(_at_)rfc-editor(_dot_)org
Subject: Mandatory numeric examples in crypto-RFCs?
Hi,
I am currently debugging some ISAKMP problems and thus
using RFCs like
2085, 2412, etc. about cryptographic algorithms and data formats.
Such RFCs are sometimes a little bit ambiguous or difficult to read
since details are spread around the paper. When implementing such
algorithms or data parsers, you don't know whether the
implementation
is correct without a test case, e.g. feeding in some examples and
check whether the result is what is expected.
I'd therefore propose that every RFC dealing with crypto
algorithms or
data formats has to have a mandatory appendix section with
examples to
be used as a test case. (Every I-Draft should have.)
E.g. when describing key agreements precise examples of the random
numbers and secrets, byte sequences of example messages, and the
results (signatures, keys,...) should be given allowing to
do a simple
check of any implementation to see, whether the
implementation works
in principle, and does not have such common bugs like wrong
padding,
byte order problems etc.
regards
Hadmut
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf