On Jul 9, 2018, at 4:54 PM, Joe Clarke <[email protected]> wrote:
> Broadly, given that we want an informational draft that describes the
> protocol as it is implemented today, I feel there should be a balance
> struck with respect to normative language so that we don't make existing
> clients "out of spec."

It's an informational draft, so from a bureaucratic point of view, it doesn't really define a standard.

That being said, the spec should require that implementations be as secure as possible given the protocol limits. If this means forbidding things that are widely used... well... that's progress.

If the spec is as strong as possible, then implementors will still be free to ignore it. Just as they ignore the specs for most other protocols. :(

But users of those implementations can ask pointed questions of "Why are you shipping me something that is insecure by design?" Which is a Good Thing.

Alan DeKok.

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
