On Tue, 25 Oct 2005 21:18:44 +0200, Peter Saint-Andre <[EMAIL PROTECTED]>
wrote:
Tijl Houtbeckers wrote:
Of course we can say: ah well, who cares wether you can call something
XMPP compliant or not. But I think the fact this discussion was started
after what ralphm said, shows how unreasonable this kind of language in
the RFC is.
Some of that stuff is in there to make the security mafia happy, which
you have to do in order to get published as an RFC (it's called
"cross-area review"). That was part of the trade-off of standardization
through the IETF.
They actually complained? Or was the inclusion of DIGEST-MD5 "pre-emptive"?
Also, must-implement is different from must-deploy.
And different from "Mandatory-to-Implement Technologies" as the RFC calls
it? In that case, neither we nor they have to worry that Google Talk is
"not fully compliant with RFC 3920." anymore. Still I think it's confusing
right now, after all if even Ralph makes such a suggestion on the list..
might be something to think on for rfc3920bis.
And as noted, we can attempt to fix this stuff in rfc3920bis.
I can hardly image anyone in the security maffia being happy with
DIGEST-MD5 over the past 5 years. Maybe they're not as "maffia" as I
thought ;)
