Hi Florian,
At 00:35 13-03-10, Florian Weimer wrote:
> I've come across an RFC which basically says, "in order to do X safely,
> perform checks Y before you do X". It turns out that it's possible to
> evade those checks. What should I do about it? I've already
> contacted the author, and he says that no update to the RFC is
> planned. Should I just file an errata? The problem is not really
> critical, fortunately.

The alternatives are:
(i) File an errata [1]. Only a few people will read it. A few
of these few people might fix their implementations if they can be
bothered to do so.
(ii) Write an I-D to document the flaw and propose a fix.
(iii) Write a revised version of the specification as an I-D.
If the RFC was the output of a WG, you'll have to convince the WG to
adopt your I-D for (ii) and (iii). Alternatively, the I-D can be an
individual submission. You'll have to convince an AD to sponsor it
[2]. It's not much of an effort to do (i).
Regards,
-sm
1. http://www.ietf.org/iesg/statement/errata-processing.html
2. http://www.ietf.org/iesg/statement/ad-sponsoring-docs.html