Hi, On 2009-4-15, at 17:47, Todd Glassey wrote:
Lars Eggert wrote:Nothing would be "tested", the IETF isn't in the business of auditing TCP stacks.Yo Lars Good-morning, let me respond. "Sure it is..." let me amplify - Don't the IETF standards processes "require the development of two ormore independent implementations of any given protocol specification and the associated interoperability testing to document that the suite runsas advertised in the specification?"
this is required when moving from Proposed Standard to Draft Standard. (Also, what RFC are you quoting in the previous paragraph?) This doesn't apply to the document we're discussing here, because:
What we're talking about is describing attack vectors, potential countermeasures and the the impact (downsides) those countermeasures might come with. Implementors will need to decide for themselves if and how to apply any of these techniques to their stacks.Which would be filed as a Use Case Document as a set lf BCP's for aprotocol stanadard. This by the way is where the real value of the IETF comes in - in also telling people how to and how not to use these protocols.
Yes, it is likely that whatever the outcome is, the document would be published as Informational or BCP.
Lars
<<attachment: smime.p7s>>
_______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf