[Ietf-not43] -02 requirements draft
Stephane Bortzmeyer
bortzmeyer@nic.fr
Tue, 12 Nov 2002 09:56:38 +0100
On Fri, Nov 08, 2002 at 11:36:17AM -0800, Ted Hardie <Ted.Hardie@nominum.com> wrote a message of 83 lines which said:
> I understand why registrars are reluctant to take on this task
> without knowing the extent of the costs involved. I support altering
> 3.2.3 to include language which constrains the mechanism to be
> lightweight and which explicitly notes that this should require
> privileged access.
As a general rule, I would add such language in many places in the
requirements document: we should define a protocol, not a policy. IMHO,
it is not sufficient to say "The people who run the service are free
to disable it." We risk that some shrink-wrapped implementations will
not allow disabling it (the RIPE whois server has a "search-by-contact"
feature which cannot be disabled except by patching the code, and many
ccTLDs had a search-by-contact feature without knowing it because they
used this server).
I therefore suggest adding sentences like "The service MUST [do
something]. Actual implementations SHOULD allow the administrator to
disable this feature".