Re: Protocol numbers for RSA/SHA{256|512} (Was: Re: [dnsext] GOST DNSSEC, implementations?)

Andrew Sullivan wrote:
> Hi,
>
> I didn't see an argument that seemed like, "This is harmful," where harm
> was defined otherwise than, "It's in bad taste." I don't think bad
> taste is enough, and as I argued before, I think the precedent argument
> is bogus (and I'm prepared to meet it in future).

I think that there are numerous flaws in your logic here, but given
that A) You don't find my arguments persuasive, and B) No one else in
the WG has spoken up explicitly to say that they also believe that
different numbers should be assigned, I am willing to let the matter
drop assuming no one else agrees that it should be pursued.

FWIW, the most egregious flaw in your logic is that it is possible to
"meet" the precedent argument in the future. Your decision seems to
rest on two pillars, the first being that Jelte had "a good reason" to
ship code with those two numbers and that "interoperability" is
important to maintain in this situation (in spite of the fact that the
feature was marked experimental, is incredibly unlikely to have any
critical deployments at this point, is not enabled in more recent
releases, etc. etc.).

Given these two points, the next person/group/organization that picks
their own code points and ships code with them will fall into exactly
the same category. They will have a "good reason" to have done so,
reinforced by this precedent (and others in the past) and will have at
least as strong an argument on the interoperability front (given that
the current argument is flimsy at best). So are you going to draw the
line in the sand next time when it might actually break something, or
do you draw the line in the sand this time when the organization in
question has explicitly stated that "The code using these code points
has been disabled in more recent releases," and "you would also not
meet with any resistance if other code points would be assigned?"

Or maybe we just have no lines? After all there are hundreds of
unassigned code points in that registry (and most of the others for
that matter). Who really cares if we just start appropriating them?

Finally, I'd like to reiterate my point that this is not an attack
against Jelte personally, NLnet Labs, Andrew, or anyone else. Mistakes
happen, and I'm sure I'll make some of my own someday. :) However, in
my mind this principle is incredibly important, based on my experience
of having dealt with the fallout when I was at IANA. However, if no one
else agrees that this is something worth pursuing, so be it.

Doug (... and no sand for that matter)
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/