On 10/17/2012 08:23 PM, John C Klensin wrote:
* A protocol specification that has the appearance of being
solely the product of a single vendor or other organization is
inherently dangerous and dangerous to the IETF, not just the
particants. Problems can arise if a standards body rubber-stamps
a one-organization specification, especially if that
organization gains an advantage from standardization of its
technology.
I'm with Dave on this one. I don't believe we should
feel any need whatsoever to fiddle with, or to look like
we've fiddled with, something that's already good, nor
ought we offer guidance to that effect.
If I recall correctly, HMAC (rfc 2104) is a fine counterexample
to the need-to-fiddle claim. The Internet is better because
we adopted what looks like that one-vendor specification
and we shouldn't feel like that's a problem, when it just
isn't.
So I don't see a need for any such addition to the FAQ.
S.