> On Dec 17, 2020, at 6:48 PM, Fernando Gont <fgont@xxxxxxxxxxxxxxx> wrote: > > On 17/12/20 23:35, Joseph Touch wrote: >>> On Dec 17, 2020, at 5:58 PM, Fernando Gont <fgont@xxxxxxxxxxxxxxx <mailto:fgont@xxxxxxxxxxxxxxx>> wrote: >>> >>> What we mean is: >>> >>> #1: Spell out the interop req. i.e., tell us the properties that the IDs must have. -- we want to know the minium requirements the IDs need to comply to. >>> >>> #2: Analyze the possible implications of such IDs. >>> >>> #3: If you found any possible issues in #2, just suggest something to the implementer that complies with #1 and deals gracefully with #2. >> That would be the topic of a document on “Specifying the interoperability requirements of generated IDs in protocols”. >> That is not the title of this document; the difference between the two is where we disagree. > > Clearly not. > > There's no single advice in this document on how to specifiy interoperability requirements for numeric IDs. > > The goal is to do a security analysis. That isn’t #1. It’s a giant leap to assert that as the point of #2 - basically because “possible” doesn’t mean likely. And “graceful” does not describe what this document recommends. Joe -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
