On Aug 15, 2013, at 12:26 PM, Yaron Sheffer <yaronf.i...@gmail.com> wrote:

>>> - One tag value you may want to consider adding is "critical" in the
>>> security sense of the word, i.e., an application is required to fail if
>>> it does not understand the value (probably best applied to map keys).
>> 
>> That's also an interesting idea.  If included, it would be best to add
>> this as soon as possible, and ensure that it gets added to the test
>> vectors, to avoid problems we've had in the past with inadequate
>> implementations of criticality.
> 
> I agree this needs to go into the base spec ASAP, so that it really is 
> treated correctly. And it certainly cannot be a later extension, as Paul 
> suggested in another message.

You and I have been in IETF security WGs together for over a decade, and we 
have seen how often implementers have gotten "critical" wrong regardless of the 
wording in the various specs. They disagree about what it means to "understand" 
an extension, to "be able to process" an extension, and so on. They are 
completely sure that people who disagree with them are obviously wrong, even in 
the face of multiple examples by seasoned programmers.

Someone joked at the mic in some WG years ago that the critical bit was called 
that because we should be criticized for how poorly it is understood.

Instead of thinking "this time I'm sure we'll get everyone to understand this", 
it might be better to have an extended discussion which possibly ends in 
multiple tags with varying descriptions.

> Also note that "critical" can be applied to all sorts of data, including data 
> items that are already tagged! I think this is not allowed for according to 
> the spec.

That is incorrect. Please point to the area where you think it says that so we 
can make it clearer.

--Paul Hoffman
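
The fail-if-not-understood rule for map keys proposed in the quoted text, as an added example that is not part of the original thread or of the CBOR specification. It assumes a hypothetical tag number 200 for "critical", takes "understand" to mean "the key is in the application's known set", and treats a key as critical if that tag appears at any nesting depth; each of these is just one of the readings implementers could disagree about.

```python
from collections import namedtuple
CRITICAL_TAG = 200            # hypothetical placeholder, not an assigned CBOR tag number
KNOWN_KEYS = {"alg", "kid"}   # keys this constructed application understands
Tagged = namedtuple("Tagged", "tag value")

class UnknownCritical(Exception):
    """A key marked critical is not understood, so the whole message is rejected."""

def decode(buf, i=0):
    """Decode one CBOR item (uint, text, map or tag only); return (item, next offset)."""
    major, arg, i = buf[i] >> 5, buf[i] & 0x1F, i + 1
    if arg >= 24:
        n = {24: 1, 25: 2, 26: 4, 27: 8}[arg]   # KeyError on reserved/indefinite lengths
        arg, i = int.from_bytes(buf[i:i + n], "big"), i + n
    if major == 0:
        return arg, i
    if major == 3:
        return buf[i:i + arg].decode("utf-8"), i + arg
    if major == 6:
        inner, i = decode(buf, i)
        return Tagged(arg, inner), i
    if major != 5:
        raise ValueError("unsupported major type")
    pairs = []
    for _ in range(arg):
        key, i = decode(buf, i)
        value, i = decode(buf, i)
        pairs.append((key, value))
    return pairs, i

def unwrap(item, critical=False):
    """Strip nested tags; critical is True if CRITICAL_TAG appears at any depth."""
    while isinstance(item, Tagged):
        critical, item = critical or item.tag == CRITICAL_TAG, item.value
    return item, critical

def process(buf):
    """Fail closed on unknown critical keys; skip other unknown keys."""
    out = {}
    for raw_key, raw_value in decode(buf)[0]:
        key, critical = unwrap(raw_key)
        if key in KNOWN_KEYS:
            out[key] = unwrap(raw_value)[0]
        elif critical:
            raise UnknownCritical(key)
    return out

# Constructed messages: d8c8 is tag 200, d8c9 an unrelated hypothetical tag 201.
KNOWN_CRITICAL = bytes.fromhex("a263616c6701d8c8636b696402")      # {"alg": 1, 200("kid"): 2}
UNKNOWN_PLAIN = bytes.fromhex("a263616c6701636e657703")           # {"alg": 1, "new": 3}
UNKNOWN_NESTED = bytes.fromhex("a263616c6701d8c9d8c8636e657703")  # {"alg": 1, 201(200("new")): 3}
```

`process(UNKNOWN_NESTED)` raises `UnknownCritical` even though the critical tag sits inside another tag; an implementation that inspects only the outermost tag would accept the same bytes.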
