Security Considerations: bad split

John C Klensin klensin at jck.com
Sun Dec 7 22:34:11 CET 2008



--On Sunday, 07 December, 2008 09:03 +0100 Harald Tveit
Alvestrand <harald at alvestrand.no> wrote:

> Having re-read the security considerations on -bidi, I fail to
> see how it's possible to comprehend these few paragraphs
> without just having read -bidi.
> 
> I also fail to see how these few paragraphs will enhance
> people's understanding of any of the other documents.

> For reference, the text is:
> 
> 9.  Security Considerations
> 
>    This modification will allow some strings to be used in Stringprep
>    contexts that are not allowed today.  It is possible that differences
>...
> In the case of -bidi, I see the drive for a unified security
> considerations section as quixotic, harmful and nonsensical.
> 
> Clear enough opinion?

Yep.   I've already written you about getting rid of the implied
reference to Stringprep, which is a bit of a disconnect from the
rest of the new documents.  

More broadly, while I hope that the Security ADs will help us
with a decision on this particular one, I think it illustrates
another reason why I'm feeling reluctant to rearrange these or
other sections.  

Using this as an example, as the current material is written and
structured, I think it has to be with/part of Bidi, otherwise
it won't make much sense, even if someone read the Bidi document
some time previously.  It could certainly be moved somewhere
else, but doing so and having the material remain consistent and
understandable would then require rewriting, adding
cross-references, etc.  That is not trivial work, either for the
editors or for the WG to check and verify that everything is
(again) right.  

That suggests to me that the bar for demonstrating that
something should be moved should be fairly high at this point
and should get higher as we slip further behind our original
committed schedule... and that, in particular, those arguing for
changes should need to demonstrate that the current text or
organization is inadequate or harmful, rather than expecting
editors to move text unless they can demonstrate that such moves
would be harmful.

Just my opinion, but I note that the charter calls for all of
these documents to be in IETF Last Call by last month and that
these sorts of non-substantive changes move us further away
from, rather than catching up with, that target.

    john




