Re: Call for Community Feedback: Guidance on Reporting Protocol Vulnerabilities


 



>    So... should the protocol spec have a requirement stating that implementations
>    MUST ensure this can not happen, and - oh, go figure out how to do that, not a
>    protocol issue?

I am not sure what you are trying to say.  That it's hard to determine where the fault is sometimes?  I don't think anyone disagrees with that.

I worry about something like "protocol-vulnerabilities@xxxxxxxx" becoming swamped with implementation issues, but I would support this if we agreed it was a two-year experiment or something.

>    In patents, patent protection is only granted when the description is
>    sufficient to build a working model. So if you want to claim that a protocol
>    is not at fault for an attack, its description needs to be sufficient to
>    make it clear how to build a working model protecting against the attack.

Patents (at least in the US) typically have an "escape clause" near the beginning, often written like "As will be readily obvious to one familiar with the field."  So I see the same parallel to standards: avoiding memory exhaustion under load should be readily obvious to one familiar with the field.





