[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: response to Last Call on: IP Authentication using Keyed MD5




Perry,

> > ... The authors of that document
> > have ignored past recommendations I made to this group regarding
> > the choice of this function.
>
> I'd say that "ignored" is too strong a statement. "Felt exhausted by
> the battles over the authentication transform and were too desultory
> about making changes to the document because we were utterly and
> completely burned out" is perhaps a much more accurate statement. We
> were sort of depending on people to come up with specific language to
> insert. There being none mentioned, things slouched towards last call.
>
> I'm happy to see the suggestions you made adopted in this round,
> *PROVIDED* that my co-authors don't object (big provisio) and that the
> incorporation of your suggestions does not substantially delay the
> adoption of the document (another big provisio). This has been a draft
> for some time, and has been in last call for some time -- you did have
> an opportunity to make objections a long time ago.

Hugo _did_ make his objections known long ago, as you recognize in your
note. The one thing he didn't do so far is to contribute replacement text,
and your text implies that the only reason you know for not adopting Hugo's
suggestions is that such text was not provided and you were too, well, tired
to write it yourselves.

Your complaint here is not justified, as you (all editors) never expressed
your agreement with Hugo's suggestions and asked him to contribute text.

> This is not to say that I don't want the technically best solution
> adopted, but it is to say that I'm more willing to try to make the
> changes when the documents move the next notch up the standardization
> process than I am to let these documents, which should have been out
> literally years ago, get delayed any longer.

We certainly don't want any more delay!! But then, it is folly for the
WG to produce a standard where we agree that the basic technique should be
changed. The process was delayed too long, and we, and hopefully other vendors,
are already planning to offer products which comply to the standard as much
as possible this year. If the `draft standard' would contain a wrong
function, then it would be implemented, and it'll be difficult to get rid
of it. It's not much work to change the draft to make use of Hugo's spec
and that seems the best solution.
>
...
> I feel like we have to bend over backwards to try to accomodate your
> ideas -- but PLEASE DONT EVER DO THIS AGAIN!  Next time, please bring
> this all up earlier, and be mindful of the fact that the earlier set
> of working group last calls were in place specifically to remind you
> to jog our memory about such things.

I'm happy to see you plan to fix things. But please understand: you can't
complain that Hugo did not provide text as you never asked him to do so;
clearly you were aware of his objections and suggestions.

best, Amir




References: