Re: Escalation: time commitment to fix *production* security bugs for BLS RFC v4?

On Mon, Apr 26, 2021 at 8:24 AM Salz, Rich <rsalz@xxxxxxxxxx> wrote:
  • It doesn't matter to you, but it does matter to other people like me.

 

You have been told several times, by several people, that a draft is not a standard.  No matter what vendors do, no matter what emails say about it. Even if the subject of the document says “A Standard BLS Mechanism,” until it is an RFC it is not a standard.

 

People within the IETF often use the word standard in a number of ways.  That doesn’t mean the document IS a standard.

 

I understand this is frustrating to you, but just because some vendors implemented a draft, and you found a bug, that doesn’t mean the draft authors have to push out an update immediately.


Not immediately. I reported the bugs privately a long time ago by a responsible disclosure mechanism, no fixing action and then I reported it publicly, no fixing action, no time commitment. I have been reporting security bugs many times (e.g. I reported most bugs (mine and on behalf of other people) in https://github.com/google/wycheproof/blob/master/doc/bugs.md), but this is the 1st time there is a strange deadlock. I understand BLS Internet-Draft authors' perspectives and I understand library authors' perspectives. I tried but failed in convincing everyone to compromise in moving and fixing it :(

There is a reason, after all, why the document is called a *draft*

 

