* Pete Resnick wrote:
>I think this document is a real problem and I object to the current form 
>it is in. Having an algorithm without explanation as to *why* one ought 
>to perform the steps in the algorithm is completely inappropriate and 
>not worthy of WG publication. We do not do blind instructions without 
>explanation in the IETF. It also makes it nearly impossible for the IETF 
>community to review the document to see if the instructions given are 
>sane or not. I think the document either needs to be completely 
>rewritten or needs to be withdrawn.

My experience is that people who are given instructions, but no means to
understand why the instructions are given, tend to implement them wrong.
My experience is also that people who give instructions, but do not
explain why they are giving them, often do not really understand why they
provide the instructions either, which often means the instructions they
are giving are actually wrong, in one sense or another.

You can largely eliminate both problems by having a test suite that can
easily be automated: if people use the test suite, they'll find cases
where the wrong instructions are given, and they can find cases where
the instructions have been misunderstood or incorrectly implemented. So,
if there is a very good test suite, I could live with a specification
that does not explain rationale behind requirements quite well.

(A test suite does not replace rationale, as a test suite would capture
only the status quo, which may change at any time; how it may change is
dependent on rationale, so even with the most excellent test suite, a
specification without rationale is strictly worse than one with as you
could not predict changes based, only, on what you know from both.)
-- 
Björn Höhrmann · mailto:[email protected] · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
