Hi - The -03 draft says in its security considerations section: Although the specification of valid subtags for an extension (see: Section 3.6) MUST be available over the Internet, implementations SHOULD NOT mechanically depend on it being always accessible, to prevent denial-of-service attacks. Although registry specifications don't typically talk about this kind of thing, since we've already stepped into this tarpit we should make our intent clear. As a technical contributor, I propose replacing this paragraph with: <t> Although the registry defined here SHALL be available over the Internet, implementations MUST NOT depend upon it always being accessible. It is intended to be used as a resource for application developers, rather than for the applications themselves. Due to obvious scalability concerns, automated access to the registry by applications is NOT RECOMMENDED. </t> One could write this same thing about almost all of the other registries maintained by IANA, but, since the issue was raised in the WG, I'd like to ensure that we address it. Randy _______________________________________________ Ltru mailing list Ltru at lists.ietf.org https://www1.ietf.org/mailman/listinfo/ltru
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.