Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 11 May 2014 20:23 UTC

From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/rJ-AmOtibg7h6bIeUftJRdFIxjY
Cc: ietf@ietf.org

Nikos,

On 12/05/2014 07:55, Nikos Mavrogiannopoulos wrote:
> On Sun, 2014-05-11 at 08:31 +1200, Brian E Carpenter wrote:

...
>> I like to think of somebody else: a young programmer working far,
>> far away, who will probably never attend an IETF meeting or join
>> an IETF mailing list. For this person, we need to state things that
>> are obvious to us. For example:
>> "It is not sufficient to do an initial implementation of the protocol.
>>  Maintenance is needed to apply changes as they come out in the future,
>>  especially to fix security issues that are found after the initial
>>  publication of a protocol specification."
> 
> This document doesn't fill this purpose as it is written as a what-to-do
> document rather than a document with advice to implementers. If somebody
> has specific expectations from implementers then that should be
> reflected in a contract with them.

That's a straw man. You know very well that (precisely because IETF
standards are voluntary) there will never be such a contract between
the IETF and the implementer.

> 
> If on the other hand this is written on purpose to introduce
> IETF-certified or IETF-approved implementations it must be even more
> precise than this document. As it is, it doesn't fill any obvious
> purpose.

The document is aspirational, not contractual. It seems perfectly reasonable
to ask implementers (whether a profit-making company, an open-source
community, or an individual) to accept ongoing responsibility for their
code. Isn't that exactly what GnuTLS does, for example?

I'm not sure the IETF has ever said this before, however, and the only
way we have to say things permanently is by publishing an RFC.

   Brian