IETF Logo Mail Archive

Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC

Abdussalam Baryun <abdussalambaryun@gmail.com> Sun, 11 May 2014 10:17 UTC

Return-Path: <abdussalambaryun@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E0701A021D for <ietf@ietfa.amsl.com>; Sun, 11 May 2014 03:17:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FSGjzmsn8OAG for <ietf@ietfa.amsl.com>; Sun, 11 May 2014 03:17:45 -0700 (PDT)
Received: from mail-yk0-x22e.google.com (mail-yk0-x22e.google.com [IPv6:2607:f8b0:4002:c07::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 873311A0203 for <ietf@ietf.org>; Sun, 11 May 2014 03:17:45 -0700 (PDT)
Received: by mail-yk0-f174.google.com with SMTP id 9so4982262ykp.33 for <ietf@ietf.org>; Sun, 11 May 2014 03:17:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=3UR0KJEFN2TJNAkHvalWKFi/QkoKjhBjmos+b68a9HA=; b=L0zhV+VnbHn1ziDBy4hP+tcT+SXSOc4HwqRh+YasCBuVz6f5pt8EZPJZMaxE/ciaZe ZURkWLXb4xQg0jJZ38bKirgXa6H0/eUVKNSoiWxfNjX+xeMBSmQz60kkSoPpaTOeRAPt OKTh0BhfoKidtudBxMk4e0ThMfZlCFMqQx6LqfPq7/toyFKisjif9XGVjR0NrYwcBi+n mBRZoz521n6381tYh9nYzDJQoJkqa65tFqSW6EZyJ5MT+Q06PS+x5D2kFq8+iqu7Nb13 yIdHLhgQu7wamAKsMnaGhbM2D1I9BoA242QTmUj2PaHRAIaR9XSb+0xclbGRyGPyiExE aGGg==
MIME-Version: 1.0
X-Received: by 10.236.79.134 with SMTP id i6mr31539778yhe.16.1399803458774; Sun, 11 May 2014 03:17:38 -0700 (PDT)
Received: by 10.170.87.135 with HTTP; Sun, 11 May 2014 03:17:38 -0700 (PDT)
In-Reply-To: <536E8CB1.7060802@gmail.com>
References: <20140509191841.18372.97889.idtracker@ietfa.amsl.com> <06a301cf6c7e$770e51e0$652af5a0$@olddog.co.uk> <536E8CB1.7060802@gmail.com>
Date: Sun, 11 May 2014 11:17:38 +0100
Message-ID: <CADnDZ88Je4SkMJaWv-Ca5Pkqbk1QifnbAHbeEJn=D7KqkgUn8w@mail.gmail.com>
Subject: Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC
From: Abdussalam Baryun <abdussalambaryun@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: multipart/alternative; boundary="20cf30051044ea87f104f91d2392"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/kBOYPZ8eRhHVgDpFO9M6av-gqAI
Cc: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 May 2014 10:17:49 -0000

I agree with most of Adrian comments.  However, Brian's opinion is
reasonable and the author's intentions are understood, but the draft should
change its approach in solving the problem and its sources. I think more
work needs to be done in the title, Abstract, and body. The draft has a
narrow viewpoint and does not consider the problems in users' expectations
of IETF.

The draft needs to identify the problem clearly, then design the approach
to solve such problem as informational work or as best practice work (it is
better to make it an informational). The problem is not only in the user
side or the implementor side but also includes the IETF specification
author, the problem domain includes IETF process that should consider
expectations of both sides.

More comments below, and I hope the author to consider my suggestions and
comments in this input.

On Saturday, May 10, 2014, Brian E Carpenter wrote:

> Hi Adrian,
>
> On 11/05/2014 06:34, Adrian Farrel wrote:
> > While I appreciate the effort the author put in to resolve previous
> > discussions, I do not support the publication of this document.

Agree, because more work is needed.

> >
> > The thrust of my previous comments were to say "It is all platitude,
> > but probably harmless" and "at whom is this document aimed". This
> > review is in a little more detail. I still find the whole document to
> > be one big platitude that does not need to be published,

I think the requirement was to enhance the relationship between
IETF specification author and  IETF user, their both expectations are not
matching, so the draft needs to fix both sides not only one, while the
source of problem may be the IETF or the IETF expectations.

>
> I can certainly see how you could reach that view, but I think you're
> looking at it from the viewpoint of somebody who's been around the
> IETF for a long time and knows what we do here and why we do it.


You Brain are the same as Adrian, both been around for long time. However,
the relationship with diversified users and their expectations is still
needed in IETF.

>
> I like to think of somebody else: a young programmer working far,
> far away, who will probably never attend an IETF meeting or join
> an IETF mailing list. For this person, we need to state things that
> are obvious to us.



> I agree, but also we need to see if our IETF process and its expectations
are involving such small firm diverse users.


> For example:
>
> "It is not sufficient to do an initial implementation of the protocol.
>  Maintenance is needed to apply changes as the come out in the future,
>  especially to fix security issues that are found after the initial
>  publication of a protocol specification."
>
> That isn't a trivial statement. It says that a protocol design may have
> zero-day vulnerabilities and if you implement it, it's your job to
> watch out for future updates and apply them. Is that going to be obvious
> to someone starting a garage company in Africa?


I agree, but does IETF have relationships with African users. We cannot
make our expectations of others if we don't know them or we don't involve
them in this draft process. I recommend many diverse users to review this
draft and we get their feedback and document it to the acknowledgement
section.


> I think the document is valuable.


Valuable only for IETF and for who were around for long, but not much for
the diverse implementers.   The draft title should state expectation of the
relationship between IETF and users/implementers.

>
> One specific comment: I think it should be mentioned that implementers
> should always read the references cited in a specification, especially
> but not only the normative references, and apply them as relevant.


So that is good suggest, because you are fixing the author side or the IETF
side, so any author/IESG-member needs to consider this draft while the IETF
processes.

>
> I also suggest mentioning implementation of extensions. Faulty extensions
> are harmful to interoperability and security. We have a couple of RFCs
> about that too (4775 and 6709).


That is important for both sides authors and users. Does WGs consider all
RFCs within IETF or does IETF WGs just look into their published work? We
need more cross Area within IETF process, that confuses the users very very
much. Users are expecting that IETF is one body and not separated by Areas
or WGs, this statement needs to be added to the draft as well.

AB

v2.23.0 | Report a Bug | By Email