Hi Paul,

I am quite sure that I fully understand the semantics of "critical"
(probably erroneously), so I'm not the right person to clarify the
various meanings of the word. I would appreciate a proposal.

Just for the record, my "critical" means: the reader must be able to
process the data item according to its specification, not just
syntactically but also semantically, and must fail otherwise. There may
still be contained non-critical data items that are NOT understood by
the reader.

Sec. 2.4 consistently mentions "tag" in the singular. For example, the
first sentence could be "a data item can optionally be preceded by one
or more tags" - but it isn't.

Thanks,
Yaron

On 2013-08-15 22:57, Paul Hoffman wrote:
On Aug 15, 2013, at 12:26 PM, Yaron Sheffer <yaronf.i...@gmail.com> wrote:

- One tag value you may want to consider adding is "critical" in the
security sense of the word, i.e., an application is required to fail if
it does not understand the value (probably best applied to map keys).

That's also an interesting idea. If included, it would be best to add
this as soon as possible, and ensure that it gets added to the test
vectors, to avoid problems we've had in the past with inadequate
implementations of criticality.

I agree this needs to go into the base spec ASAP, so that it really is treated
correctly. And it certainly cannot be a later extension, as Paul suggested in
another message.

You and I have been in IETF security WGs together for over a decade, and we have seen how often implementers
have gotten "critical" wrong regardless of the wording in the various specs. They disagree about
what it means to "understand" an extension, to "be able to process" an extension, and so
on. They are completely sure that people who disagree with them are obviously wrong, even in the face of
multiple examples by seasoned programmers.

Someone joked at the mic in some WG years ago that the critical bit was called
that because we should be criticized for how poorly it is understood.

Instead of thinking "this time I'm sure we'll get everyone to understand this",
it might be better to have an extended discussion which possibly ends in multiple tags
with varying descriptions.

Also note that "critical" can be applied to all sorts of data, including data
items that are already tagged! I think this is not allowed for according to the spec.

That is incorrect. Please point to the area where you think it says that so we
can make it clearer.

--Paul Hoffman