Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC
S Moonesamy <sm+ietf@elandsys.com> Sun, 11 May 2014 19:32 UTC
Return-Path: <sm@elandsys.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D5171A033C for <ietf@ietfa.amsl.com>; Sun, 11 May 2014 12:32:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.292
X-Spam-Level:
X-Spam-Status: No, score=0.292 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DATE_IN_PAST_06_12=1.543, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lH_qz9YMazOg for <ietf@ietfa.amsl.com>; Sun, 11 May 2014 12:32:05 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 816451A033B for <ietf@ietf.org>; Sun, 11 May 2014 12:32:05 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.226.232.174]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s4BJVjE7021496 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf@ietf.org>; Sun, 11 May 2014 12:31:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1399836717; bh=sh9z47rVjYLN/N6msZ6wpldJ5bSk/BVCm2xCbtcpUX4=; h=Date:To:From:Subject:In-Reply-To:References; b=KL9LPL2zf6hOQkVmjrSyrGouTrmfeoKH2dlbLNBpVqh6T30+w2u4PVxzHz0Unav+Y at3hM1uiZuTLh0N4yOpdWfXWXM9fxhQKYc8KWiMbY8P47voxaWFw/ZGMAAr9VrG2ys V1g/FtVFJvu8IkSToeTNP8bObEWu9d+tnWjQP2DE=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1399836717; i=@elandsys.com; bh=sh9z47rVjYLN/N6msZ6wpldJ5bSk/BVCm2xCbtcpUX4=; h=Date:To:From:Subject:In-Reply-To:References; b=cFm6UAS1L0W0IeX4AIEngry1UVcspxz3Se3JH8KP38MIz1CauyDhLwLGw3wEYvW2p qwfrYHVF1fwx1MMhC5GKt5o7GJ7R4VBRo0F3oCPKm6ir7dYD8mEwUUkGzsocbiXsze FL1EMr/C8z4NmOK5GdCjDElkMiU8aUbbntN7yGf0=
Message-Id: <6.2.5.6.2.20140510215740.0b45b690@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Sun, 11 May 2014 02:48:41 -0700
To: ietf@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Subject: Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC
In-Reply-To: <20140509191841.18372.97889.idtracker@ietfa.amsl.com>
References: <20140509191841.18372.97889.idtracker@ietfa.amsl.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/gC_SxBG6r55dLbdKRT2doUhY4qw
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 May 2014 19:32:07 -0000
At 12:18 09-05-2014, The IESG wrote: >The IESG has received a request from an individual submitter to consider >the following document: >- 'Expectations of Implementers of IETF Protocols' > <draft-housley-implementer-obligations-01.txt> as Informational RFC > >The IESG plans to make a decision in the next few weeks, and solicits >final comments on this action. Please send substantive comments to the >ietf@ietf.org mailing lists by 2014-06-06. Exceptionally, comments may be The document defines three expectations which can be summed up as "follow". I don't think that's a good idea. The Introduction Section of the draft states that IETF protocols are about interoperability and defines what is expected of implementers. In that section: "IETF protocols foster interoperability. This interoperability brings great benefits. IETF protocols are building blocks for many products and services, and they enable innovation." The above comes out as marketing IETF protocols to the world. The implementers I am acquainted would be suspicious if I were to use words such as "great benefits" and "enable innovation". "Yet, IETF standards are voluntary standards. No one is required to implement them." Some IETF standards, e.g. TCP, are de facto standards. When an IETF standard is widely used and widely implemented there isn't any practical alternative except to follow suit. Arguing that it is a voluntary goes against describing an IETF protocol as the standard. The real test of a protocol specification is the implementation. An implementer (not speaking for anyone else) decides how to implement what is specified in the RFC instead of blindly following what is written in it. I'll note that some IETF protocols are over-specified, e.g. they prescribe methods instead of specifying the interoperable elements. Ideally, a BCP would describe best current practice. In practice, a BCP states the beliefs of the proponents as current practice. The expectation for implementers to follow associated BCPs could be seen as an imposition. It is not clear what IANA registry practices has to do with this document. There is a normative reference to RFC 2860. That RFC is an agreement between IETF and ICANN. Section 2 quote Postel's Law. It has been argued in an IEEE publication that several mistakes in Postel's principle lead to the opposite of robustness - unmanageble insecurity. The RFC 1122 discussion of that principle provides better guidance to the implementer. Unfortunately, there is a tendency to quote the sentence instead of the RFC 1122 discussion. Section 2 of the draft states that "many protocol specifications are living documents". An implementer would expect that a specification has reached a level of maturity where it won't be changed significantly. The rationale here is that there is a cost to making changes. There are also other parties involved and the implementer does not have any control over them. On a somewhat related note, the IETF has published a specification in 1998. There are errata for that specification. It seems that the IETF found it sufficient to publish a specification and not include technical changes which affect the specification. Reading nine "updates" does not make the life of the implementer easier. In simple terms, the IETF would be unable to follow its own advice. Section 3 mentions that: "Often the implementer needs to look through the BCP index to find related BCPs." The secret of Polichinelle is that there is some hand-waving in a BCP when nobody knows, or there isn't agreement, about what guidance to give. That leaves the implementer without guidance. Section 4 is quite lengthy compared to the sections about the first two expectations. The section states that the Internet Assigned Numbers Authority is a central authority. That section might be in contradiction with RFC 6220; the latter mentions a Registry Operator without stating that the Internet Assigned Numbers Authority will always be the central authority. The following is odd: "Implementers are expected to follow the IANA registry practices associated with the protocol, especially in the assignment of new values. By following these practices, other implementations will learn about new values and make the appropriate updates to handle them properly." It looks like implementers are to follow registry practices so that other implementations will have to be updated. It lessens the argument for interoperability by choice and makes a strong argument for forcing implementations to follow the registry practices. A future effect might be to turn registry assignments into controversial discussions with the IETF acting as a gatekeeper. The implementer is advised to follow the registry practices for "top-level DNS names in the rare cases where such values are needed". A search turned up: http://support.microsoft.com/gp/gp_namespace_master http://support.apple.com/kb/ts3389 http://www.belkin.com/PYRAMID/AdvancedInfo/F5D7632uk4Aver7000/Interfaces/Interface/English/lan_main_0.stm https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1295 http://www.enterprisenetworkingplanet.com/netsysm/article.php/991281 http://community.linuxmint.com/tutorial/view/159 http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-hostname.html The advice has not been followed previously. It is unlikely that it will be followed. It is better to have a technical discussion about the implementation details of a specification than to argue that "you must do what the RFC says". Interoperability does not work without mutual consent. An expectation that people will follow does not create a sense of collaboration. The draft mentions that the "expectations reflect the fundamental philosophy of the IETF". As much as it is appealing to know better, is that the philosophy that the IETF would like to encourage? Regards, S. Moonesamy
- RE: Last Call: <draft-housley-implementer-obligat… Adrian Farrel
- Re: Last Call: <draft-housley-implementer-obligat… Brian E Carpenter
- Re: Last Call: <draft-housley-implementer-obligat… Abdussalam Baryun
- Re: Last Call: <draft-housley-implementer-obligat… S Moonesamy
- Re: Last Call: <draft-housley-implementer-obligat… Nikos Mavrogiannopoulos
- Re: Last Call: <draft-housley-implementer-obligat… Brian E Carpenter
- Re: Last Call: <draft-housley-implementer-obligat… Elwyn Davies
- RE: Last Call: <draft-housley-implementer-obligat… l.wood
- Re: Last Call: <draft-housley-implementer-obligat… Nikos Mavrogiannopoulos
- Re: Last Call: <draft-housley-implementer-obligat… Eliot Lear
- Re: Last Call: <draft-housley-implementer-obligat… John C Klensin
- Constructive suggestions/ alternatives (was: )e: … John C Klensin
- Re: Last Call: <draft-housley-implementer-obligat… Avri Doria
- Re: Last Call: <draft-housley-implementer-obligat… Brian E Carpenter
- Re: Last Call: <draft-housley-implementer-obligat… Eric Rosen