At Catalyst, when there were only 15 or so of us in the office, we used to have a running joke about clients saying "I would have thought", where we would use that phrase to introduce progressively more ludicrous requirements, because we had the occasional client who used that phrase to get work done which had not been written into the contract.

"I would have thought that a system for finding computers on an international network would give some thought to that majority of the planet who don't use the english alphabet.¹

Yeah, sure. That'd be simple, right?

Of course such a phrase really indicates that whether they did (or did not) actually think of that requirement at the time, they certainly never documented it. Either they did think it, and simply assumed that everyone knew their business like they did (and we've all been guilty of making that assumption). Or they didn't.

The joke got to a point where we occasionally found it difficult to contain our giggles whenever a client actually came out with it, and for me at least that continues to this day.

As 'in' jokes go, it was an extremely valuable one to have around though, because it made us notice those points where clients were wandering away from the specification, giving us a decision point where we could clearly either acknowledge our failure to identify the requirement, or to argue whether such an assumption should have been reasonable for us to have understood, and so forth.

I'm reminded of this today, when I read RFC2445, in particular it's definition of PRIVATE vs CONFIDENTIAL.

The document does not give a lot of clues, and seems to trust in the meaning of those words to define which is stronger.

My initial inclination was to go with the ordering of the terms: PUBLIC => PRIVATE => CONFIDENTIAL. That, I thought, seems reasonable. In all the movies the nearly secret stuff is all stamped "CONFIDENTIAL", and then stuff gets stamped "TOP SECRET", and in such movies I'm sure that "PRIVATE" is reserved for signs on doors, rather than on secret files.

I immediately had to reconsider, however, when someone else from the other side of the world (literally) decided that PRIVATE should be the secret stuff, and CONFIDENTIAL was merely "somewhat secret". A small bit of googling suggested that I could well be in the minority on this one, so I will adjust my worldview, correct my software, and possibly even stop watching such silly movies.

Still, I thought it would be nice to deliver these conclusions in the place where they belong: right there on RFC2445. Sure, I could write to the authors and berate them for their wishy-washy language:

"... The access classification of an individual iCalendar component is useful when measured along with the other security components of a calendar system (e.g., calendar user authentication, authorization, access rights, access role, etc.). Hence, the semantics of the individual access classifications cannot be completely defined by this memo alone. Additionally, due to the "blind" nature of most exchange processes using this memo, these access classifications cannot serve as an enforcement statement for a system receiving an iCalendar object. Rather, they provide a method for capturing the intention of the calendar owner for the access to the calendar component."

Oh how very fucking useful. This is supposed to be a specification! The intention of my friend from France when he says "PRIVATE" clearly differs from my own, but that can't easily be arbitrated without a frame of reference which the standard should, in theory, provide.

After I calmed down a bit I was reminded of how some software that I use allows people to annotate the manuals, clarifying things, providing examples and so forth, which I have found incredibly useful from time to time, and it made me wonder whether a site that allowed people to generally annotate RFCs (or other documents) could also be useful.

So: do you think it would it be useful to have some room for interpretation?

¹ That one is not a quote, by the way - I have a very good idea of exactly how much debate has gone on around that, and how stupidly complex the issue has become.