I have suggested repeatedly that the document contain sufficient information to create a secure and inter-operable implementation. It's not clear to me why these suggestions have been ignored, or rejected.
I guess you wanted to say that the document does not? contain sufficient information to create a secure and interoperable implementation. I disagree. But that doesn't mean your comments will not be addressed. This is after all a working group document and should reflect rough consensus. So we will address your remaining issues. It's not clear to me why these suggestions have been ignored, or rejected. I find it odd that you claim your suggestions have been ignored or rejected. We have created many issues on github (https://github.com/emu-wg/draft-ietf-emu-eap-tls13/issues?q=is%3Aissue+is%3Aclosed+Alan) and submitted many pull requests addressing your comments (https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pulls?q=is%3Apr+Alan+is%3Aclosed). When I merged this PR in the morning: https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/71, it looked like all of your comments had been addressed in the PR. Joe (the other co-chair) had approved this PR? As authors of a working group document of a voluntary standards organization, we have been doing voluntary service over the last several years. We started working on this document in 2018 (https://datatracker.ietf.org/doc/html/draft-mattsson-eap-tls13). You have been helping us with the document since the beginning. So thank you for your voluntary service as well. While it is not mandatory, helping us with github issues/PRs related to your reviews can help us ensure that your comments are not inadvertently left unaddressed; and that this community effort moves forward faster. --Mohit On 6/11/21 5:17 PM, Alan DeKok wrote: On Jun 11, 2021, at 9:56 AM, Mohit Sethi M <[email protected]><mailto:[email protected]> wrote: I guess you know that there are several implementations of the draft some of which are already deployed. While that's a nice comment telling me what I already know, it doesn't address my point. The fact that implementations exist does not mean that the specification is sufficient to create an implementation. The implementors have had many "behind the scenes" discussions about how to implement EAP-TLS 1.3. The outcome of those discussions was shared among implementors. That information is largely what enabled inter-operability. Information which is not all reflected in the document. I have suggested repeatedly that the document contain sufficient information to create a secure and inter-operable implementation. It's not clear to me why these suggestions have been ignored, or rejected. It is of course nice to strive for perfection. That comment misrepresents my position. Could you please submit a pull request addressing your unaddressed comments. I gave suggested text in my messages. These comments were largely ignored across multiple reviews. This is not how we should work towards consensus. If the goal of this document is simply to get it published, then I withdraw all of my objections. Implementors will then share extra knowledge behind the scenes. If the goal of this document is to enable secure and inter-operable implementations, then it would be useful to address comments from major implementors. Alan DeKok. _______________________________________________ Emu mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/emu
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
