Evolution/Risks
Benefits of extensibility include experimentation, grown, while retaining stability, including new features and adaptation of existing ones. However, there are also risks of unintended consequences, some of which are outlined in [IAB-extension]. The risks are associated with deployment of implementations of extensions and new versions.
- reverse engineering
- motivation of implementors to follow "leading" implementations
- security vulnerabilities
- Repeatedly standards organizations have seen when the combination of what looks like an innocuous extension into an unanticipated context resulting in security vulnerabilities of the combination. Security analysis is difficult, and the combinatorial analysis is even more difficult.
- instability of conformance
- If references, lists of allowable values, and combinations are allowed to vary over time, then the notion of "conformance" becomes difficult to maintain.