
Re: Transparency in Specifications and PRISM-class attacks

2013-09-20 12:26:13
Carsten,

I am not saying all the specifications are great but I wanted to know first what target audience Harald is talking about.

You are talking about us, guys who have been in the IETF for a long time, as the target audience. If we find specifications difficult to read then that's a real issue since it is rather unlikely that anyone else will find it a lot easier.

If you talk about regulators as another potential target audience of our documents, for example, then you might quickly find out that they find all our specifications unreadable.

I also have a number of things I don't like but I personally don't think that improving the readability of our specifications will lead to a change in the offered security.

Ciao
Hannes


On 20.09.2013 17:48, Carsten Bormann wrote:
On Sep 20, 2013, at 13:38, Hannes Tschofenig <hannes(_dot_)tschofenig(_at_)gmx(_dot_)net> wrote:

2) Are there documents you find non-readable?

I'm not sure you aren't mocking us, but...

*Yes*, there are documents in the IETF that are highly non-accessible.

I could name examples from areas other than security, but probably the most glaring example in the security area is the maze of twisty little passages that the TLS spec is.

Many of the specifications that make up TLS are of the form "MMM is almost like [RFCNNNN], except that.". Of course, RFCNNNN says "NNN is almost like [RFCQQQQ], except that.". In the end, you need several weeks of analysis, heaping layer over layer of changes, with increasing uncertainty of what the spec resulting from this layer cake really says. Also when trying to ascertain a specific property, all these changes have to be examined again, and it is really easy to misinterpret one of these changes, coming up with the wrong conclusion. The whole thing reminds me of the old concept of an "interfiled" loose-leaf service update, except that the new pages are never actually sorted in but you are keeping all the updates around together with the original set to check them in sequence whenever you need a specific page.

I think I understand how the current situation came about, but I think it qualifies for "documents you find non-readable".

Grüße, Carsten

PS.: Harald: The SDP spec is bad in large parts because of the mission creep; SDP was great for its uses in 1993 but is excruciatingly bad for what it is being used for today. It's a disaster we didn't manage to replace it in time before the complexity ballooned...

