ietf
[Top] [All Lists]

Re: Discussion of draft-hardie-advance-mechanics-00.txt

2010-10-04 18:37:10

Ted Hardie wrote:

A periodic call for comments, say at  2 and 5 years out, with those
judged to be still useful moving up the ladder, for example?

There should be at least an IETF Last Call before any such
automatic advancement in order to figure out whether the community
thinks there is sufficient implementation experience that supports
advancing the document.

Example:  The "SPNEGO - the GSS-API negotiation mechanism"

http://tools.ietf.org/html/rfc4178#appendix-C

started at proposed with rfc-2478 (Dec-1998) was reviewed
and serious problems fixed with rfc-4178 (Oct-2005).

The basic problem was there there existed only a single implementation
(from Microsoft) and the original implementor did either not
sufficiently think about the spec while implementing it or forgot
to tell the IETF CAT WG about the problems of the spec he found.

Given the right mindset and some level of development experience,
it is possible to find most issues and all serious issues in a spec
doing only one single implementation.  But there are issues that
may significantly impair this process, such as implementation
deadlines.

My complaint in 1997 about the original spec was that it used
ASN.1 all over the place where the same could have been easily
accomplished entirely without ASN.1, and I predicted that this
will reliably prevent serious review at the theoretical level
for most IETF participants -- this certainly detered me from
reviewing the protocol itself.   (Discussing and reviewing the
underlying solution architecture was no problem.)

Having reviewed GSS-APIv2 before SPNEGO, I was _not_ surprized the
least about the number of issues that were found and fixed in rfc-4178.


-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>