CBOR and a tag for "critical"

2013-08-15 14:57:45
On Aug 15, 2013, at 12:26 PM, Yaron Sheffer <yaronf(_dot_)ietf(_at_)gmail(_dot_)com> wrote:

>>> - One tag value you may want to consider adding is "critical" in the
>>> security sense of the word, i.e., an application is required to fail if
>>> it does not understand the value (probably best applied to map keys).
>>
>> That's also an interesting idea.  If included, it would be best to add
>> this as soon as possible, and ensure that it gets added to the test
>> vectors, to avoid problems we've had in the past with inadequate
>> implementations of criticality.
>
> I agree this needs to go into the base spec ASAP, so that it really is
> treated correctly. And it certainly cannot be a later extension, as Paul
> suggested in another message.

You and I have been in IETF security WGs together for over a decade, and we 
have seen how often implementers have gotten "critical" wrong regardless of the 
wording in the various specs. They disagree about what it means to "understand" 
an extension, to "be able to process" an extension, and so on. They are 
completely sure that people who disagree with them are obviously wrong, even in 
the face of multiple examples by seasoned programmers.

Someone joked at the mic in some WG years ago that the critical bit was called 
that because we should be criticized for how poorly it is understood.

Instead of thinking "this time I'm sure we'll get everyone to understand this", 
it might be better to have an extended discussion which possibly ends in 
multiple tags with varying descriptions.

> Also note that "critical" can be applied to all sorts of data, including data
> items that are already tagged! I think this is not allowed for according to
> the spec.

That is incorrect. Please point to the area where you think it says that so we 
can make it clearer.

--Paul Hoffman
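
Added example, not part of the original message or of the CBOR specification: a minimal decoder sketch showing one possible reading of the proposal in this thread, where a map key wrapped in a "critical" tag makes the application fail if it does not know the key, and where a tag may enclose an item that is itself tagged. The tag number 60000, the key names and the sample encodings are assumptions made for this illustration; no "critical" tag is registered for CBOR.

```python
from collections import namedtuple
Tagged = namedtuple("Tagged", "tag value")
CRITICAL = 60000              # hypothetical tag number, not a registered CBOR tag
KNOWN_KEYS = {"alg", "exp"}   # hypothetical keys this application understands

class CriticalityError(ValueError): pass   # a critical key was not understood

def decode(buf, i=0):
    """Decode one item (uint, text, map or tag only); return (value, next_index)."""
    major, info = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    arg = info
    if 24 <= info <= 27:
        n = 1 << (info - 24)  # argument follows in 1, 2, 4 or 8 bytes
        arg, i = int.from_bytes(buf[i:i + n], "big"), i + n
    elif info > 27:
        raise ValueError("indefinite lengths are outside this sketch")
    if major == 0:
        return arg, i
    if major == 3:
        return buf[i:i + arg].decode("utf-8"), i + arg
    if major == 5:            # map, kept as a list of (key, value) pairs
        pairs = []
        for _ in range(arg):
            key, i = decode(buf, i)
            val, i = decode(buf, i)
            pairs.append((key, val))
        return pairs, i
    if major == 6:            # a tag encloses one item, which may itself be tagged
        inner, i = decode(buf, i)
        return Tagged(arg, inner), i
    raise ValueError(f"major type {major} is outside this sketch")

def process(pairs):
    """Keep known keys, skip unknown plain keys, fail closed on unknown critical keys."""
    accepted = {}
    for key, val in pairs:
        critical = isinstance(key, Tagged) and key.tag == CRITICAL
        name = key.value if critical else key
        if isinstance(name, str) and name in KNOWN_KEYS:
            accepted[name] = val
        elif critical:
            raise CriticalityError(f"critical key {name!r} not understood")
    return accepted

# Constructed sample encodings (not taken from any specification's test vectors).
OK = bytes.fromhex("a263616c6705d9ea6063657870c11903e8")   # {"alg": 5, critical("exp"): 1(1000)}
SKIP = bytes.fromhex("a263616c6705636e657701")             # {"alg": 5, "new": 1}
FAIL = bytes.fromhex("a263616c6705d9ea60636e657701")       # {"alg": 5, critical("new"): 1}
NESTED = bytes.fromhex("d9ea60c11903e8")                   # critical(1(1000)): tag on a tagged item
```

This sketch treats "understand" as "the key name is in `KNOWN_KEYS`", which is only one of the interpretations the message above says implementers disagree about.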
