Hi Melinda,
On Jan 22, 2013, at 9:05 AM, Melinda Shore wrote:
there's general agreement that options are not a good thing and
a pretty decent understanding of the issues around complexity, but
there's many a slip, etc.
It may seem to be very easy to agree with you on that point. However, the story
isn't that simple as it first seems to be.
For example: For SIP there are many different key distribution protocols being
specified (see http://tools.ietf.org/html/rfc5479 and
http://tools.ietf.org/html/draft-ietf-avtcore-rtp-security-options-01).
Why are there so many different ways to distribute keys for usage with SRTP?
Why cannot we just have one solution and always use it? It turns out that there
are many reasons, including different properties of individual solutions,
designed by other organizations (e.g., 3GPP) and nobody wanted to upset them,
IPRs, different architectural assumptions (e.g., regarding regulatory
requirements), etc. Even the question whether SRTP should be mandated is
already complicated as discussed in
http://datatracker.ietf.org/doc/draft-ietf-avt-srtp-not-mandatory/
Another example from a different area: Why do we need so many transition
technologies for the migration from IPv4 to IPv6? Wouldn't it be less complex
to just have one transition mechanism?
Yet another example: Diameter supports TCP and SCTP. RADIUS initially supported
UDP only and later added support for TCP. Couldn't the RADIUS guys just have
used Diameter if they want to use a reliable transport?
Ciao
Hannes