--On Friday, September 20, 2013 10:15 -0400 Ted Lemon <ted.lemon@xxxxxxxxxxx> wrote: > On Sep 20, 2013, at 9:12 AM, Harald Alvestrand > <harald@xxxxxxxxxxxxx> wrote: >> From the stack I'm currently working on, I find the ICE spec >> to be convoluted, but the SDP spec is worse, becaue it's >> spread across so many documents, and there are pieces where >> people seem to have agreed to ship documents rather than >> agree on what they meant. I have not found security >> implications of these issues. > > This sort of thing is a serious problem; people do make > efforts to address it by writing online guides to protocol > suites, but this isn't always successful, and for that matter > isn't always done. We could certainly do better here. Ted, Based in part on experience with the specs of, and discussions in, other standards bodies, the problem with guides (online or not) is (1) They may contain errors and almost always have omissions. The latter are often caused by the perfectly good intention of simplifying things and making them understandable by covering only the important cases. (2) If they are comprehensible and the standard is not, people tend to refer to them and not the standard. That ultimately turns them into the "real" standard as far as the marketplace is concerned. FWIW, the same problem can, and has, happened with good reference implementations. I don't know of any general solution to those problems, but I think the community and the IESG have got to be a lot more willing to push back on a spec because it is incomprehensible or contains too many options than has been the case in recent years. john