[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: XAUTH is broken
Dan's exactly right here. As a veteran of the IANA registration battles in
the mail arena, I can assure you that the Right Thing To Do is to use a
single private identifier in the draft. When (well, if) the draft becomes
an RFC, remind IANA to give you a number.
This works both for people who implement too early (as in, during the draft
stage) and people who wait for the RFC. The early people use the private
value and then add in the standard number after the RFC is issued. As soon
as the number is issued, they start to emit the number, not the private ID,
but they continue to accept the private ID, probably forever.
The end result of this is that there are two identifiers for a few years,
but the private one falls from grace after a while. The only other logical
alternative is to *always* use private identifiers, which is worse (in my
mind) unless those are what get registered with IANA. The latter method is
how algorithms are identified in things like PKIX and S/MIME, and it leads
to massive lack of interoperability as people use their own OIDs or have
multiple, similar meanings for the same OID.
--Paul Hoffman, Director
--VPN Consortium
References: