Chris Ridd <[EMAIL PROTECTED]> writes:
>I read Peter Guttmann's screed on X.509 and char sets last night -
>interesting, though he does fall into the trap of discussing all the myriad
>of drafts, and forgetting that these are just drafts. The standards
>themselves are less ambiguous.
The reason I have to cover what's in drafts is because most of what's out there
is implemented from drafts rather than final standards (leading to problems
like the one where the policy qualifiers display text in RFC 2459 was quietly
changed from what it had been in every draft version, so everything which
implemented it based on the draft got it wrong using the final version, and
vice versa). Because of the incredibly long time it takes to get these things
finished and the fact that the typical product development cycle is a small
fraction of the standard development cycle, what's being shipped is based on
drafts, not on final standards. The most extreme cases I've seen of this is
comments like "We know this is a version 0.01 draft and full of bugs, but we
already have products shipping based on it and so it's too late to change it"
(I'll leave the vendors/drafts anonymous, and it's not just PFX either :-).
Peter.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
