Mr. Kent - when did you do this and isn't there an issue of propriety in
this decision?
Todd,
The requirement for progression of an RFC is that we document
interoperability among at least two independent implementations of
the protocol in question. The documentation is provided by the folks
who have performed the testing, usually folks who have implemented
the protocol, and thus this is typically a distributed activity.
That's what has happened here. The PKIX list has received numerous
accounts of TSP testing experiences from a number of implementors of
TSP clients and servers over several months. I asked Denis, as the
RFC author, to collect the received info and construct the required
documentation for submission to the IESG. This is exactly what we did
for OCSP recently; I believe Ambarish led that effort and he too was
an author of the relevant RFC.
I see no problem with this approach in general, given the diverse set
of folks who typically provide the inputs. I would worry of we had
only a couple of implementations of a protocol and there might be
some concern re collusion, but that is not the case for TSP, since it
is a simple protocol and thus not hard to implement for either the
client or server side. Bigger protocols pose more of a problem in
terms of the scope of interoperability testing and diversity of
implementations.