Re: Alternate entry document model (was: Re: IETF processes (wasRe:
Martin Rex <mrex@sap.com> Tue, 02 November 2010 18:16 UTC
Return-Path: <mrex@sap.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CED933A69E8 for <ietf@core3.amsl.com>; Tue, 2 Nov 2010 11:16:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.949
X-Spam-Level:
X-Spam-Status: No, score=-9.949 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, HELO_EQ_DE=0.35, J_CHICKENPOX_62=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GTwA9192k2zz for <ietf@core3.amsl.com>; Tue, 2 Nov 2010 11:16:40 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 63E3E3A69EB for <ietf@ietf.org>; Tue, 2 Nov 2010 11:16:40 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id oA2IGVtB013826 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 2 Nov 2010 19:16:36 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201011021816.oA2IGTtL009396@fs4113.wdf.sap.corp>
Subject: Re: Alternate entry document model (was: Re: IETF processes (wasRe:
To: ynir@checkpoint.com
Date: Tue, 02 Nov 2010 19:16:29 +0100
In-Reply-To: <B469FC3F-F422-492A-A08C-AA379BB6CE87@checkpoint.com> from "Yoav Nir" at Nov 2, 10 06:08:40 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal04
X-SAP: out
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Nov 2010 18:16:41 -0000
Yoav Nir wrote: > > My conclusion is that we can't just ignore industry and keep polishing > away, but that we have to do things in a timely manner. One thing > we've learned from the TLS renegotiation thing was that it is possible > to get a document from concept to RFC in 3 months. Yes, you need > commitment from ADs and IETFers in general (IIRC you and I were among > those pushing to delay a little), but it can be done. Funny that you mention TLS renego. This document was actually a severe abuse of most IETF process rules. And a significant part of the document contents was written and published against WG consensus and without IETF consensus. We could have easily finished the work in two month with a simpler and more robust solution and higher quality spec if there had not been so much resistence from a group of conspiring vendors plus AD, WG co-chair and document editor. I realized it is *MUCH* easier to write a new I-D from scratch than getting the problems of the original proposal fixed by discussion in the WG because of the existing bias -- which is why I think that both, the document editing process and the "WG item, documented progress hobbled by consensus process" is the most significant roadblock in IETF document progression if there is strong bias in the system. If there is a need to ship draft versions of a spec, there should be a field in the protocol identifying which version of a draft a particular implementation is based on -- or the "early adopters" should voluntarily bear the burden to either limit control or field update distributed implementations of early drafts. Another worrysome event was with the TLS channel bindings document, when the definition of "TLS-unique" channel bindings had to be changed underneath the RFC Editors feet to match the installed base of some vendor (who failed to point out this issue earlier, although the original definition had been like that for a few years). Or the gssapi zero length message protection, which had been explicitly described for GSS-APIv2 (rfc-2743,Jan-2000) because it is a non-expendable protocol element required by the FTP security extensions (rfc2228,oct-1997) specified in rfc-2743, section 2.3 last paragraph of page 62: https://tools.ietf.org/html/rfc2743#page-62 but foobar'ed in Microsoft Windows Vista & Windows7 (fails decryption of gss_wrap(conf=TRUE) tokens with SEC_E_ALTERED_MESSAGE). This features is tested and the error is reported by the OpenSource gssapi test tool that I've been providing since 2000. But as I've previously commented: http://www.ietf.org/mail-archive/web/kitten/current/msg00640.html testing seems not very high up on some vendors priority lists. It is a real pity that either Microsoft didn't bring any Vista betas to this event: https://lists.anl.gov/pipermail/ietf-krb-wg/2006-March/005885.html or there was no interest in performing rfc-4121 interop tests with a GSS-API interop test tool that works quite well for interop testing an MIT Kerberos for windows with Microsoft Win2K&Win2K3 Kerberos SSP. -Martin
- IETF processes (was Re: draft-housley-two-maturit… RJ Atkinson
- Re: IETF processes (was Re: draft-housley-two-mat… Dave CROCKER
- Re: IETF processes (was Re: draft-housley-two-mat… Bob Braden
- Re: IETF processes (was Re: draft-housley-two-mat… Scott Brim
- Re: IETF processes (was Re: draft-housley-two-mat… Dave CROCKER
- Re: IETF processes (was Re: draft-housley-two-mat… Eliot Lear
- Re: IETF processes (was Re: draft-housley-two-mat… RJ Atkinson
- Alternate entry document model (was: Re: IETF pro… John C Klensin
- Re: Alternate entry document model (was: Re: IETF… SM
- Re: Alternate entry document model (was: Re: IETF… Andrew Sullivan
- Re: Alternate entry document model (was: Re: IETF… Martin Rex
- Re: Alternate entry document model (was: Re: IETF… Michael Richardson
- Re: Alternate entry document model (was: Re: IETF… John C Klensin
- Re: Alternate entry document model Arnt Gulbrandsen
- Re: Alternate entry document model (was: Re: IETF… Yoav Nir
- Re: Alternate entry document model Joel M. Halpern
- Re: Alternate entry document model Dave CROCKER
- Re: Alternate entry document model (was: Re: IETF… t.petch
- Re: Alternate entry document model (was: Re: IETF… Randy Presuhn
- Re: Alternate entry document model (was: Re: IETF… Spencer Dawkins
- Re: Alternate entry document model (was: Re: IETF… Ted Hardie
- Re: Alternate entry document model (was: Re: IETF… Martin Rex
- Re: Alternate entry document model (was: Re: IETF… Andrew Sullivan
- Re: Alternate entry document model (was: Re: IETF… Spencer Dawkins
- Re: Alternate entry document model (was: Re: IETF… Yoav Nir
- Re: Alternate entry document model (was: Re: IETF… Martin Rex
- Re: Alternate entry document model (was: Re: IETF… Martin Rex
- Re: Alternate entry document model (was: Re: IETF… SM
- Re: Alternate entry document model (was: Re: IETF… t.petch
- Re: Alternate entry document model (was: Re: IETF… Yoav Nir
- Re: Alternate entry document model Gonzalo Camarillo