Re: BCP97bis

Michael Richardson <> Sat, 16 October 2021 20:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CEB633A0C5E for <>; Sat, 16 Oct 2021 13:29:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Mz-9heIprOXT for <>; Sat, 16 Oct 2021 13:29:15 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D64ED3A0C5C for <>; Sat, 16 Oct 2021 13:29:14 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0BBA518092; Sat, 16 Oct 2021 16:29:39 -0400 (EDT)
Received: from ([]) by localhost (localhost []) (amavisd-new, port 10024) with LMTP id cYycslpP_Y73; Sat, 16 Oct 2021 16:29:38 -0400 (EDT)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id 4E4041808D; Sat, 16 Oct 2021 16:29:38 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by (Postfix) with ESMTP id 1A4F7236; Sat, 16 Oct 2021 16:29:12 -0400 (EDT)
From: Michael Richardson <>
To: "Murray S. Kucherawy" <>, ietf <>
Subject: Re: BCP97bis
In-Reply-To: <>
References: <> <>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sat, 16 Oct 2021 16:29:12 -0400
Message-ID: <15645.1634416152@localhost>
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Oct 2021 20:29:20 -0000

{reading the document before I read the thread of replies}

Thank you for doing this revision: this kind of work is often thankless.

A question as I read section 4.2 (The IESG).
I think that idnits presently finds and notes downrefs.
As a document shepherd, I've never had to research them.
(Maybe that's a fault on my part, maybe I should have been)
I'm mostly thinking that downrefs should ideally be noted and resolved during
WGLC.  I think that this happens, but maybe I have too small a sample.
Are we having a problem getting downrefs identified early enough, or are
things okay?

I also wonder if we shouldn't have a process to attempt to clean the downref
registry out, but reclassifying the documents.  The repeated MD5 and HMAC
document listed as examples seem like good datapoints. (MD5 might be
Historic, but HMAC is still awesome)

} At a minimum, authors/editors of source documents need to secure freely
} available copies of the target documents for use by all anticipated reviewers
} during the source document's life cycle, which includes working group
} participants, any member of the community that chooses to participate in Last
} Call discussions, area review teams, IANA expert reviewers, and members of
} the IESG.

It seems to me, if this requirement is to be taken seriously, that either the
DT or some other resource needs to contain notes on how to obtain the
My opinion is that the IETF has allowed the IEEE to embrace and suffocate the effort.  During RFC8995 review, authors were told by many
about about 802.1AR had a new revision and shoudln't we update to it.
But, the new revision was unobtainable because the IEEE had 500 errors on
their web site for more than a year, which is why we did not cite it.
I feel that it shouldn't be just my problem to solve this problem on my own.

I have very strong opinions about what happens when a standard becomes part
of a lawful regulation.   It then becomes part of a law, and the public
should have full access to know the law. (Because, ignorance is not a defense)
This is particularly important for regulations relating to safety.
(I could insert "cyber" before safety, but the word cyber is almost always
redundant).  In particular,  it shouldn't cost money to find out if a product
one is being subjected to is safe.

As background to a talk I was asked to do, I actually have been doing some
reading on requirements to publish laws, and I thought it would be a
no-brainer in the UN Charter, but I was surprised.  Surely, Canada's 1982
Constitution and Charter of Rights would say something.... not obvious
actually.  Just that anything published federally has to be in both official
languages, and a bunch of provincial statements.  Some papers on how
governments have used copyright to generate revenue from publishing the laws
and legal decisions.  Only the Yukon territorial constiution has an actual

A reason I choose to do work at the IETF is because I could read the
specifications (using RFC/FTP by email...) without hassle.

So I am reacting the word "At a minium", and I don't think we are even
getting to that minimum.   There are a bunch of specifications that aren't
just transitioning from some legacy specification to an RFC, but which we are
allocating numbers/etc. for entities which make it very difficult to read their
documents.  I think that we should be doing more than the minimum here.

} Appendix A. Changes Since RFC8067
} The following are the changes in this document relative to the prior state of BCP 97:
} o Apply erratum #2793.
doesn't mention any errata.  indicates that it is
errata against RFC4897.

Michael Richardson <>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide