I don't think I agree with this. On Jun 21, 2010, at 6:45 PM, Martin Rex wrote: > > I would prefer if the IETF retains the third level and puts an emphasis > on cutting down on protocol feature bloat when going from draft to > full standard. You want to be very careful cutting down on feature bloat. Some people may be using those features you consider "bloat". The right time to cut down on bloat is before publication of the original RFC. That's when it gets the most scrutiny, and that's the time to tell the author(s) that certain features should either clearly be OPTIONAL (aka MAY), or cut out entirely and placed in an extension document that may or may not later be advanced in maturity level. > What I see happening is that Proposed Standards often start out with > a lot of (unnecessary) features, and some of them even inappropriately > labelled as "MUST implement". Perhaps this should explicitly be part of the review process. Think of a minimal implementation, and make sure all the features it doesn't need are optional > The draft standard only does some interop testing on a small number > of implementations, not unlikely those participating the standardization > process. It neither addresses what subset other implementations implement > and what subset is actually necessary for the general use case in the > installed base. The small group of those participating in the standardization process doesn't necessarily change later. Even if more implementers have joined the fray, they don't necessarily come to the IETF. Their "contribution" is only reflected in "horror stories" from the same implementers of the original standard. With the TLS renegotiation thing late last year, some people thought that five leading implementations were responsible for almost all of TLS. It later turned out that there were dozens of implementations in active use. And yet, most of these implementers either don't participate in the TLS WG, or don't identify as such. I had no idea SAP had their own TLS implementation, although you had participated in the TLS WG for a while, and I have never said anything about Check Point's TLS implementation. > One of the worst feature bloat examples is PKIX. > > It contains an awkward huge number of features that a number of > implementations do not support -- and work happily without. > There should either be a split of e.g. 5280 into a "basic profile" > and a "advanced feature profile", or the status for some of the > extensions should be fixed from "MUST implement" to "SHOULD implement" > to match the real world and real necessity. I don't like SHOULDs that only a small subset implement. Advanced features beyond the basic profile should not be an all-or-nothing thing like an "advanced feature profile" implies. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf