IETF Logo Mail Archive

Re: Last Call: Recognising RFC1984 as a BCP

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 11 August 2015 04:17 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FB0D1ACD89 for <ietf@ietfa.amsl.com>; Mon, 10 Aug 2015 21:17:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aS3nuTxx38gL for <ietf@ietfa.amsl.com>; Mon, 10 Aug 2015 21:17:37 -0700 (PDT)
Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com [IPv6:2607:f8b0:400e:c03::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 967861A01F0 for <ietf@ietf.org>; Mon, 10 Aug 2015 21:17:37 -0700 (PDT)
Received: by pabyb7 with SMTP id yb7so120828530pab.0 for <ietf@ietf.org>; Mon, 10 Aug 2015 21:17:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=VetHH2VC26A/3XRk8h8eIb7uKnDGSrZP7i7Mpt8LpcY=; b=jgkSUsdSTo4lXDHmOd0trfrgDnmc4W7wgyblbvMEKQiaTysLn3GqisqoR1mdYuRygj DS6uKNwjI6lVG5fSeg7UGDqyRHB5u+/em6U8mpMafUziYhP7BCUSX0JUvzg0mRY262iY 8D18nU3Gg8aSh4UpdsP1na1ileRLpCZ6dmb6xeYAwjqSOzE+hFoeplcDhusQQ9qpGIXL asyWCUzY/upF7W7va2eKdlvhKkxmJz9YS3TzKPt3XuOVkX2ykAPK2TgsI2Q9fo00Em79 0lRXr8bqJL9cIp0kidoh6ess+PcnRiZixU6BeUTTyRD5m/i/U3BKRhT6GEinFJsyYhVR Zwng==
X-Received: by 10.66.193.136 with SMTP id ho8mr53251603pac.154.1439266657265; Mon, 10 Aug 2015 21:17:37 -0700 (PDT)
Received: from ?IPv6:2406:e007:6a64:1:28cc:dc4c:9703:6781? ([2406:e007:6a64:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id rg10sm658110pbc.33.2015.08.10.21.17.34 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Aug 2015 21:17:36 -0700 (PDT)
Message-ID: <55C97760.4060200@gmail.com>
Date: Tue, 11 Aug 2015 16:17:36 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: "Roy T. Fielding" <fielding@gbiv.com>
Subject: Re: Last Call: Recognising RFC1984 as a BCP
References: <20150810171306.11047.24159.idtracker@ietfa.amsl.com> <C4962381-2D30-471E-92B1-C282926CB140@vpnc.org> <935C93F4-687E-4A56-A768-704D5910068E@gbiv.com> <55C92069.5020500@gmail.com> <C70EF655-BC22-408F-8375-A26AE08251F5@gbiv.com>
In-Reply-To: <C70EF655-BC22-408F-8375-A26AE08251F5@gbiv.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/2B1il2anLHjz2-rRLlTUjXssyhQ>
Cc: IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 04:17:39 -0000

Roy,

On 11/08/2015 10:53, Roy T. Fielding wrote:
>> On Aug 10, 2015, at 3:06 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>
>> On 11/08/2015 05:34, Roy T. Fielding wrote:
>>>> On Aug 10, 2015, at 10:23 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>>>>
>>>> On 10 Aug 2015, at 10:13, The IESG wrote:
>>>>
>>>>> The IESG has received a request from an individual participant to make
>>>>> the following status changes:
>>>>>
>>>>> - RFC1984 from Informational to Best Current Practice
>>>>> (IAB and IESG Statement on Cryptographic Technology and the Internet)
>>>>>
>>>>> The supporting document for this request can be found here:
>>>>>
>>>>> https://datatracker.ietf.org/doc/status-change-rfc1984-to-best-current-practice/
>>>>
>>>> Yes, please. What was discussed in 1996 really is a best practice today, and it has certainly been made the current practice.
>>>>
>>>> --Paul Hoffman
>>>
>>> Umm, the document is specifically worded as a position statement from the
>>> IAB and IESG.  There is no "current practice" described by it.  Rather, it is an
>>> argument against key escrow and limited key sizes; a sort of anti-pattern for
>>> an old practice.
>>>
>>> I'd rather it be left as an informational document, as it was approved,
>>
>> When RFC 1984 was published, the way BCP was defined by RFC 1818 made it impossible
>> to classify it as BCP. RFC 2026 expanded the definition of BCP considerably
>> and specifically mentioned "the results of community deliberations" and
>> "common guidelines for policies" and is explicit that a BCP can be a vehicle
>> for IAB and IESG statements subjected to community consensus. So we are a
>> few years late, but this action seems well within the rules.
> 
> That doesn't change the content of the text, which is not expressing a BCP
> in any shape or form.  It is an opinion piece, which is fine as Informational.
> The document does not describe common guidelines for policies, nor does it summarize
> the results of community deliberations.  It states an opinion of the IAB and IESG
> at that time regarding two very bad suggestions for key management.  The right
> opinion, IMO, but still just an opinion of a dozen or so individuals.

That isn't so. Trivially, it was more like two dozen people (IAB+IESG)
speaking as bodies put in place by the IETF community, not as individuals.
Non-trivially, we strongly believed at the the time that we were giving
the rough consensus view of the IETF as a whole. There was a vigorous
debate in plenary at IETF 32 (Danvers, April 1995) which made the strength
of opinion in the IETF about the need for strong crypto very clear.
Unfortunately I can't readily find any trace of minutes of that plenary.

The first draft of what became RFC 1984 was circulated and wordsmithed
within the IAB and IESG, starting June 1996. An IAB and IESG Statement
version was released to the media on July 24, 1996 and simultaneously
sent to the IETF list, with a statement of intent to publish it as
an RFC. There was a rush due to US Congressional hearings that week.

The only comments we got on the IETF list were supportive, although
there was no formal last call. The RFC version was posted August 19,
1996.

> Changing the document status serves no useful purpose.  At best, it provides a
> bad example of how to write other BCPs.  If you can't generate enough energy
> to re-edit the document as a consensus specification, 

The whole point is *symbolic*. What we (the IETF) thought in 1995/96
is what we think now, and the choice of RFC number was not accidental.
Promoting it to BCP, consistently with RFC 2026 as I pointed out
before, reinforces that nothing in the last 20 years has changed
the underlying logic.

Yes, if the RFC 2026 definition of BCP had been in force in July 1996,
we'd have worded it slightly differently and there would have been
a formal Last Call. But it wasn't, so we didn't.

   Brian


> then it surely isn't
> important enough to serve as a bad example of back-door standardization.
> 
> Why is it that security-related statements by the IESG need to avoid
> being subject to the same process as all our other specifications?
> 
> ....Roy
> 
>

v2.23.0 | Report a Bug | By Email