IETF Logo Mail Archive

Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC

S Moonesamy <sm+ietf@elandsys.com> Sun, 11 May 2014 19:32 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D5171A033C for <ietf@ietfa.amsl.com>; Sun, 11 May 2014 12:32:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.292
X-Spam-Level:
X-Spam-Status: No, score=0.292 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DATE_IN_PAST_06_12=1.543, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lH_qz9YMazOg for <ietf@ietfa.amsl.com>; Sun, 11 May 2014 12:32:05 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 816451A033B for <ietf@ietf.org>; Sun, 11 May 2014 12:32:05 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.226.232.174]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s4BJVjE7021496 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf@ietf.org>; Sun, 11 May 2014 12:31:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1399836717; bh=sh9z47rVjYLN/N6msZ6wpldJ5bSk/BVCm2xCbtcpUX4=; h=Date:To:From:Subject:In-Reply-To:References; b=KL9LPL2zf6hOQkVmjrSyrGouTrmfeoKH2dlbLNBpVqh6T30+w2u4PVxzHz0Unav+Y at3hM1uiZuTLh0N4yOpdWfXWXM9fxhQKYc8KWiMbY8P47voxaWFw/ZGMAAr9VrG2ys V1g/FtVFJvu8IkSToeTNP8bObEWu9d+tnWjQP2DE=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1399836717; i=@elandsys.com; bh=sh9z47rVjYLN/N6msZ6wpldJ5bSk/BVCm2xCbtcpUX4=; h=Date:To:From:Subject:In-Reply-To:References; b=cFm6UAS1L0W0IeX4AIEngry1UVcspxz3Se3JH8KP38MIz1CauyDhLwLGw3wEYvW2p qwfrYHVF1fwx1MMhC5GKt5o7GJ7R4VBRo0F3oCPKm6ir7dYD8mEwUUkGzsocbiXsze FL1EMr/C8z4NmOK5GdCjDElkMiU8aUbbntN7yGf0=
Message-Id: <6.2.5.6.2.20140510215740.0b45b690@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Sun, 11 May 2014 02:48:41 -0700
To: ietf@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Subject: Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC
In-Reply-To: <20140509191841.18372.97889.idtracker@ietfa.amsl.com>
References: <20140509191841.18372.97889.idtracker@ietfa.amsl.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/gC_SxBG6r55dLbdKRT2doUhY4qw
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 May 2014 19:32:07 -0000

At 12:18 09-05-2014, The IESG wrote:
>The IESG has received a request from an individual submitter to consider
>the following document:
>- 'Expectations of Implementers of IETF Protocols'
>   <draft-housley-implementer-obligations-01.txt> as Informational RFC
>
>The IESG plans to make a decision in the next few weeks, and solicits
>final comments on this action. Please send substantive comments to the
>ietf@ietf.org mailing lists by 2014-06-06. Exceptionally, comments may be

The document defines three expectations which can be summed up as 
"follow".  I don't think that's a good idea.

The Introduction Section of the draft states that IETF protocols are 
about interoperability and defines what is expected of 
implementers.  In that section:

   "IETF protocols foster interoperability.  This interoperability brings
    great benefits.  IETF protocols are building blocks for many products
    and services, and they enable innovation."

The above comes out as marketing IETF protocols to the world.  The 
implementers I am acquainted would be suspicious if I were to use 
words such as "great benefits" and "enable innovation".

   "Yet, IETF standards are voluntary standards.  No one is required to
    implement them."

Some IETF standards, e.g. TCP, are de facto standards.  When an IETF 
standard is widely used and widely implemented there isn't any 
practical alternative except to follow suit.  Arguing that it is a 
voluntary goes against describing an IETF protocol as the standard.

The real test of a protocol specification is the implementation.  An 
implementer (not speaking for anyone else) decides how to implement 
what is specified in the RFC instead of blindly following what is 
written in it.  I'll note that some IETF protocols are 
over-specified, e.g. they prescribe methods instead of specifying the 
interoperable elements.

Ideally, a BCP would describe best current practice.  In practice, a 
BCP states the beliefs of the proponents as current practice.  The 
expectation for implementers to follow associated BCPs could be seen 
as an imposition.

It is not clear what IANA registry practices has to do with this 
document.  There is a normative reference to RFC 2860.  That RFC is 
an agreement between IETF and ICANN.

Section 2 quote Postel's Law. It has been argued in an IEEE 
publication that several mistakes in Postel's principle lead to the 
opposite of robustness - unmanageble insecurity.  The RFC 1122 
discussion of that principle provides better guidance to the 
implementer.  Unfortunately, there is a tendency to quote the 
sentence instead of the RFC 1122 discussion.

Section 2 of the draft states that "many protocol specifications are 
living documents".  An implementer would expect that a specification 
has reached a level of maturity where it won't be changed 
significantly.  The rationale here is that there is a cost to making 
changes.  There are also other parties involved and the implementer 
does not have any control over them.  On a somewhat related note, the 
IETF has published a specification in 1998.  There are errata for 
that specification.  It seems that the IETF found it sufficient to 
publish a specification and not include technical changes which 
affect the specification.  Reading nine "updates" does not make the 
life of the implementer easier.  In simple terms, the IETF would be 
unable to follow its own advice.

Section 3 mentions that:

   "Often the implementer needs to look through the BCP index to find
    related BCPs."

The secret of Polichinelle is that there is some hand-waving in a BCP 
when nobody knows, or there isn't agreement, about what guidance to 
give.  That leaves the implementer without guidance.

Section 4 is quite lengthy compared to the sections about the first 
two expectations.  The section states that the Internet Assigned 
Numbers Authority is a central authority.  That section might be in 
contradiction with RFC 6220; the latter mentions a Registry Operator 
without stating that the Internet Assigned Numbers Authority will 
always be the central authority.

The following is odd:

   "Implementers are expected to follow the IANA registry practices
    associated with the protocol, especially in the assignment of new
    values.  By following these practices, other implementations will
    learn about new values and make the appropriate updates to handle
    them properly."

It looks like implementers are to follow registry practices so that 
other implementations will have to be updated.  It lessens the 
argument for interoperability by choice and makes a strong argument 
for forcing implementations to follow the registry practices.  A 
future effect might be to turn registry assignments into 
controversial discussions with the IETF acting as a gatekeeper.

The implementer is advised to follow the registry practices for 
"top-level DNS names in the rare cases where such values are 
needed".  A search turned up:

http://support.microsoft.com/gp/gp_namespace_master
http://support.apple.com/kb/ts3389
http://www.belkin.com/PYRAMID/AdvancedInfo/F5D7632uk4Aver7000/Interfaces/Interface/English/lan_main_0.stm
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1295
http://www.enterprisenetworkingplanet.com/netsysm/article.php/991281
http://community.linuxmint.com/tutorial/view/159
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-hostname.html

The advice has not been followed previously.  It is unlikely that it 
will be followed.

It is better to have a technical discussion about the implementation 
details of a specification than to argue that "you must do what the 
RFC says".  Interoperability does not work without mutual 
consent.   An expectation that people will follow does not create a 
sense of collaboration.  The draft mentions that the "expectations 
reflect the fundamental philosophy of the IETF".  As much as it is 
appealing to know better, is that the philosophy that the IETF would 
like to encourage?

Regards,
S. Moonesamy

v2.23.0 | Report a Bug | By Email