Re: Transparency in Specifications and PRISM-class attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--On Friday, September 20, 2013 10:15 -0400 Ted Lemon
<ted.lemon@xxxxxxxxxxx> wrote:

> On Sep 20, 2013, at 9:12 AM, Harald Alvestrand
> <harald@xxxxxxxxxxxxx> wrote:
>> From the stack I'm currently working on, I find the ICE spec
>> to be convoluted, but the SDP spec is worse, becaue it's
>> spread across so many documents, and there are pieces where
>> people seem to have agreed to ship documents rather than
>> agree on what they meant. I have not found security
>> implications of these issues.
> 
> This sort of thing is a serious problem; people do make
> efforts to address it by writing online guides to protocol
> suites, but this isn't always successful, and for that matter
> isn't always done.   We could certainly do better here.

Ted,

Based in part on experience with the specs of, and discussions
in, other standards bodies, the problem with guides (online or
not) is 

(1) They may contain errors and almost always have omissions.
The latter are often caused by the perfectly good intention of
simplifying things and making them understandable by covering
only the important cases.

(2) If they are comprehensible and the standard is not, people
tend to refer to them and not the standard.  That ultimately
turns them into the "real" standard as far as the marketplace is
concerned.   FWIW, the same problem can, and has, happened with
good reference implementations.

I don't know of any general solution to those problems, but I
think the community and the IESG have got to be a lot more
willing to push back on a spec because it is incomprehensible or
contains too many options than has been the case in recent years.

   john







[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]