Re: [irsg] An IETF repository for working code in our protocols?

Eliot Lear <> Thu, 20 August 2020 14:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E68FE3A0A52 for <>; Thu, 20 Aug 2020 07:45:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YQkF9s4yR3wW for <>; Thu, 20 Aug 2020 07:45:35 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F2EA63A09EE for <>; Thu, 20 Aug 2020 07:45:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=6732; q=dns/txt; s=iport; t=1597934735; x=1599144335; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=TsR67fIWUKesG/5lOQh5/cPu3CZoe2lIDiegHCrNU3I=; b=HbOOtZRD8OKOw1YXEbNNU/wPniDn2RhWbRvi2JmSsssqhn7FhfB0/san PjRZnrOJfAEadqW46qMVaExXpGjIQ8iE0fKSIgvb3YN2NK8Rai3TcPL3q quRoDz9fg/ZYi97AJgh64Qae1vEX5V+I9p3fEEHp/FfkHHZ6pLZttcmcQ Q=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BXAAAQiz5f/xbLJq1fHAEBAQEBAQc?= =?us-ascii?q?BARIBAQQEAQFAgTgFAQELAYF6gXMBIBIsjTiILpN/hhyBfQQHAQEBCQMBAS8?= =?us-ascii?q?EAQGETAKCQyU2Bw4CAwEBCwEBBQEBAQIBBgRthWiFcQEBAQMBeQULCxguVwY?= =?us-ascii?q?TGYMNAYJcILB5dIE0hVKFHRCBOAGBUotoggCBESccgh8uPogHgi0EkkaIYJs?= =?us-ascii?q?Tgm2DDIEtlWkDHoMBjmmOQJQtmX+DWAIEBgUCFYFbBi2BVzMaCBsVOyoBgj4?= =?us-ascii?q?+EhkNj0QBDo0VPwMwNwIGCgEBAwmRTQEB?=
X-IronPort-AV: E=Sophos;i="5.76,333,1592870400"; d="asc'?scan'208,217";a="28913934"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-SEED-SHA; 20 Aug 2020 14:45:30 +0000
Received: from [] ([]) by (8.15.2/8.15.2) with ESMTPS id 07KEjUHx032057 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 20 Aug 2020 14:45:30 GMT
From: Eliot Lear <>
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_918F6C63-4BF6-4237-AA79-6D63364BF294"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
Subject: Re: [irsg] An IETF repository for working code in our protocols?
Date: Thu, 20 Aug 2020 16:45:28 +0200
In-Reply-To: <>
Cc: "Joel M. Halpern" <>, Vijay Gurbani <>, "" <>
To: Stephen Farrell <>
References: <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3608.
X-Outbound-SMTP-Client:, []
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Working Group Chairs <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Aug 2020 14:45:37 -0000

> On 20 Aug 2020, at 01:09, Stephen Farrell <> wrote:
> Hiya,
> On 19/08/2020 23:51, Joel M. Halpern wrote:
>> There is different value in open and closed source implementations.  But
>> bother are valuable.
> I maintain that, for implementers of RFCs, the existence of
> open-source code is valuable in a way that closed-source
> can never match. ISTM, that means OSS is inherently better
> for the purpose we're discussing here.

When we speak in generalities, some finer points get lost.  I can see value in open source in that people can take it and use it.  And this is good to a point.  One perversity is that if the standard is complex and there is source available, then that might be the ONLY implementation, or one of a very small number.  This is precisely what happened in 2002 with SNMP and the ASN.1 interpreter bug that hit the entire industry, and it has since happened with openssl, although there are now a good number of libraries out there that cover its ground.

If the point is to test interoperability, then OSS and closed source can be of similar value if someone is running a test harness of some sort through the closed source, and we see that fairly often as well in the form of bakeoffs and test portals.  We do both OSS and closed now with MUD for instance.

>> There is as far as I can tell no benefit in the IETF actually storing
>> the source for these projects.
> I disagree. Finding the commit that matches the time at
> which the RFC was written can be non-trivial and will
> sometimes be useful/needed.

There is some value of a pointer.  First, very little code only implements one standard.  The code has a purpose in life that may extend beyond a POC.  And this also means that the only thing that the IETF has to worry about is how to update a list of pointers, and not who gets to commit on active projects.  And yeah, it might also keep the IPR just a bit simpler.