On 2/18/15 1:08 PM, Leif Johansson wrote:
18 feb 2015 kl. 19:54 skrev Pete Resnick<presn...@qti.qualcomm.com>:
On 2/18/15 5:07 AM, Leif Johansson wrote:
The idea of making best practice sorta-kinda normative makes me a bit
queasy.
Let's not forget that a BCP *is* a community consensus document. It means that
the IETF community has decided that we do things a particular way. A BCP *is*
normative.
I think it's quite reasonable for the document to say, "MUST NOT negotiate
SSLv2" because doing otherwise causes harm to implementations and to the net in
general. There are no Internet police. If you violate that MUST NOT, you don't go to
jail. We're simply saying that they way to do security properly on the Internet is that
you MUST NOT use SSLv2.
So I don't have a problem with the document saying, "Existing protocols have
tradeoffs to make between interoperability and security, so we (the IETF) expect those
tradeoffs to be made. New protocols we (the IETF) expect to abide by the requirements and
recommendations in this document unless they give some serious justification for not
doing so." That's what we mean by a BCP.
hmm yeah sure
"During a lecture the Oxford linguistic philosopher J. L. Austin made
the claim that although a double negative in English implies a positive
meaning, there is no language in which a double positive implies a
negative. To which [philosopher Sidney] Morgenbesser responded in a
dismissive tone, 'Yeah, right.'"
pr
--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
