On Aug 30, 2011, at 2:02 PM, Eric Burger wrote: Note the language"MUST implement, SHOULD use" is a common compromise.
^^^^^^^^^^^
This is my heartache. Why is it a compromise? Most use of SHOULD I run into in WG's is either this precise one: I don't want to make this a MUST use, because I will have deployments *THAT ARE NOT FOR THE INTERNET* but I want to market them as if they were. Example: instant messaging systems for enterprises where tapping is a legal requirement, not something to be avoided. Example: instant messaging systems deployed where governments want to do warrantless, undetectable tapping
I would offer neither of these examples are Internet examples, and we should get some iron underpants on and say so.
Mumble. I fundamentally don't buy the argument that things that are used on both local networks and the Internet should not be subject to Internet-strength security.
And even where recording is a legal requirement, that's NOT an argument for sending traffic in cleartext or with weak encryption. That might be an argument for some kind of backdoor - e.g. a trusted proxy or key escrow or whatever, but it's not an argument for making the traffic available for those without a legal need to see it. SHOULD should neither be a crutch for making a proprietary protocol look like an Internet protocol nor for making two proprietary protocols look like a single, Internet protocol.
agree.
Keith
|
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf