At 9:43 AM +1300 3/18/10, Brian E Carpenter wrote: >In my opinion this is not ready for prime time. I agree with all of Brian's issues, and add another one that is equally, if not more, significant. This document talks about an IANA registry having entries for compliance, but does not describe what the compliance is applied to. >3.1. MANDATORY > > This is the strongest requirement and for an implementation to ignore > it there MUST be a valid and serious reason. > > Implementations: To be considered compliant, all implementations > MUST support this registry entry. > Operations: To be considered compliant, operations MUST use at least > one of the mandatory entries. > Note 1: There can be more than one MANDATORY requirement. > Note 2: The requirement applies only to new or future > implementations on the day the requirement is released. In many > cases existing implementations can become compliant via software > upgrade or point release. Look at an IANA registry such as the one that prompted this draft, <http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml>. If there is an algorithm that is now marked "MANDATORY", and your implementation did not have it, you would not be in compliance with the registry. The IETF has never had a concept of compliance to an IANA registry, which is a good thing. Suggesting that we should start doing that now is just plain wrong. It is *fine* to have an RFC specify which algorithms must be implemented / supported / whatever for compliance to the RFC; we do that now just fine. When the community agrees on changes to what is needed to comply with an RFC, you update the RFC; we now do that just fine as well. Putting new words in an IANA registry will make things more confusing, not less. --Paul Hoffman, Director --VPN Consortium _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf