Re: [irsg] An IETF repository for working code in our protocols?

[Toerless Eckert <tte@cs.fau.de>]

Good points, Eliot

Random thoughts:

I always thought sendmail was likely the earliest reference example for "single" (dominant)
implementation protocol back in the day (rfc822). Made popular of course by 
https://en.wikipedia.org/wiki/Morris_worm

I wonder if there would be in IETF land ever be value in official "reference software"
I remember this primarily from ISO/MPEG where it was/?is? common, e.g.:

https://standards.iso.org/ittf/PubliclyAvailableStandards/c025029_ISO_IEC_TR_11172-5_1998(E)_Software_Simulation.zip

I guess implicitly we have such reference software implicitly in our tooling chain, e.g.: 
tools written by IETF tooling team for e.g.: rfc7991 (RFC xml). Not sure if
there is anything similar for "technical" area work product (RFCs).

Cheers
    Toerless

On Thu, Aug 20, 2020 at 04:45:28PM +0200, Eliot Lear wrote:
> 
> 
> > On 20 Aug 2020, at 01:09, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> > 
> > 
> > Hiya,
> > 
> > On 19/08/2020 23:51, Joel M. Halpern wrote:
> >> There is different value in open and closed source implementations.  But
> >> bother are valuable.
> > 
> > I maintain that, for implementers of RFCs, the existence of
> > open-source code is valuable in a way that closed-source
> > can never match. ISTM, that means OSS is inherently better
> > for the purpose we're discussing here.
> > 
> 
> When we speak in generalities, some finer points get lost.  I can see value in open source in that people can take it and use it.  And this is good to a point.  One perversity is that if the standard is complex and there is source available, then that might be the ONLY implementation, or one of a very small number.  This is precisely what happened in 2002 with SNMP and the ASN.1 interpreter bug that hit the entire industry, and it has since happened with openssl, although there are now a good number of libraries out there that cover its ground.
> 
> If the point is to test interoperability, then OSS and closed source can be of similar value if someone is running a test harness of some sort through the closed source, and we see that fairly often as well in the form of bakeoffs and test portals.  We do both OSS and closed now with MUD for instance.
> 
> 
> >> There is as far as I can tell no benefit in the IETF actually storing
> >> the source for these projects.
> > 
> > I disagree. Finding the commit that matches the time at
> > which the RFC was written can be non-trivial and will
> > sometimes be useful/needed.
> 
> 
> There is some value of a pointer.  First, very little code only implements one standard.  The code has a purpose in life that may extend beyond a POC.  And this also means that the only thing that the IETF has to worry about is how to update a list of pointers, and not who gets to commit on active projects.  And yeah, it might also keep the IPR just a bit simpler.
> 
> Eliot



-- 
---
tte@cs.fau.de