OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] CKM_SEAL_KEY

On 7/10/2013 3:18 PM, Tim Hudson wrote:

On 11/07/2013 2:45 AM, Michael StJohns wrote:

"Why" questions are some of the most insidious and useless ones for
getting work done in standards.

Actually the "Why" questions are the most important ones to be asking in
developing a cooperative standard to ensure we have a common
understanding of both the problem being addressed and the problem
explicitly not being addressed.
If you ask me the "why" of pretty much any proposal, the base answer is either "There's a bug in the spec and this is one way of fixing it" or "There is some capability missing that I perceive I need and this is one way of doing it". Both of those are objective answers. The rest of it is all argumentative cruft that can and should be gotten at in other ways.
If you ask me for a use case - I can provide my vision of how the capability might be used. That's not a "WHY", but a how. If you provide your own use case and ask me how the proposal applies, that's a "how" and a good one and will probably result in changes and additions to the proposal for the better.
If you point out an issue with the proposal AND provide an idea of what you think is a better approach, that's a HOW as well. I might not agree with the approach, but I will certainly discuss it with you and changes may occur.
If all you do is ask "why did you make that design choice" and "why didn't you consider this" and ... instead of contributing your thoughts on how to actually improve things - that's just tearing things down. I've found few instances of "why" that are particularly helpful - both here and in the IETF.
In the current case "Why do we need the PKCS11 consumer involved in that at all" - "There is some capability missing that I perceive I need and this is one way of doing it AND the PKCS11 vendors aren't meeting my need in their products, and one reason they aren't is probably related to not having a standard PKCS11 way of doing things."
I'm always going to look with suspicion on any "why" question. I'm going to look with favor on "how" questions and "how about this approach" suggestions. You'll note from my comments on other proposals, I tend to follow my own guidelines. 

Mike

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]