Ted Hardie wrote: > > A periodic call for comments, say at 2 and 5 years out, with those > judged to be still useful moving up the ladder, for example? There should be at least an IETF Last Call before any such automatic advancement in order to figure out whether the community thinks there is sufficient implementation experience that supports advancing the document. Example: The "SPNEGO - the GSS-API negotiation mechanism" http://tools.ietf.org/html/rfc4178#appendix-C started at proposed with rfc-2478 (Dec-1998) was reviewed and serious problems fixed with rfc-4178 (Oct-2005). The basic problem was there there existed only a single implementation (from Microsoft) and the original implementor did either not sufficiently think about the spec while implementing it or forgot to tell the IETF CAT WG about the problems of the spec he found. Given the right mindset and some level of development experience, it is possible to find most issues and all serious issues in a spec doing only one single implementation. But there are issues that may significantly impair this process, such as implementation deadlines. My complaint in 1997 about the original spec was that it used ASN.1 all over the place where the same could have been easily accomplished entirely without ASN.1, and I predicted that this will reliably prevent serious review at the theoretical level for most IETF participants -- this certainly detered me from reviewing the protocol itself. (Discussing and reviewing the underlying solution architecture was no problem.) Having reviewed GSS-APIv2 before SPNEGO, I was _not_ surprized the least about the number of issues that were found and fixed in rfc-4178. -Martin _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf