Some comments on draft-leiba-cotton-iana-5226bis-19

Stewart Bryant <stewart.bryant@gmail.com> Wed, 11 January 2017 17:20 UTC

Return-Path: <stewart.bryant@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93582129500; Wed, 11 Jan 2017 09:20:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPiDT3ENX44Z; Wed, 11 Jan 2017 09:20:09 -0800 (PST)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 707C0129483; Wed, 11 Jan 2017 09:20:09 -0800 (PST)
Received: by mail-wm0-x233.google.com with SMTP id c206so117818246wme.0; Wed, 11 Jan 2017 09:20:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=skVK5QVuAMSrVNJZgl0FSINTQRm9zz8cEjeJmC0TPw8=; b=KUiX9uIWwzEdCApYYJa5UfGTNamKA9Okos6EHeMO4k1TiBG8i4tcGSJNtUxvfodPgq FMonDNtOCPMBakmNhWAHYMTUoqQe9ze9iRFJtAtx2aeQXP1VHkakxTxJ0grJikXQGt9q LfWBbK0OUeD34jqhqvARAHWDF8p/FAvnX9Yc4HOjtq/t+0Dpc45oavrg96pOGbvkkc7W yfzeJ3nUCEje+qL2nzqWyJuX+VcXoZ2KzZCmobG4P2QeYfVsbEKf7P0FSVqzrupCnLv5 YuFECcsB8CUow4gev6d3GWj4yJp8WnCw6K8t7oFHki7EJDxyO8G/Vj4NLdohOfCwiboG kZmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=skVK5QVuAMSrVNJZgl0FSINTQRm9zz8cEjeJmC0TPw8=; b=Or6AuQlgOAN5tOIpb5O+IN1KJzL4ubb33WGKWnaL4hYOfRV+q0T5E5qYh4gwwOSFsV x8v+DsbtKbvZmcG3PbDhm95viCaRzxrVqYCY3d42IPE+RZv/UnT0WE04Z7TNmRWBGbxf zuefzboo+JlrmwJKGVfuWbFAzF2TNkG0O+3HmkBEHnaWGipn53f2j5H6MXL4wQxdavg7 JqyW4uwehdHjjg30C7rP8twDJDHkFRCbp0Z29TXOEvAlIBfipWesqcSUgRn94NnP6olU yJLg8uR3703jQ6rWhigEzQ+DgcpdmVsHNzuA19wPXBL+Im7zR0qT6AfZX5FzbVax3Kby Z8jQ==
X-Gm-Message-State: AIkVDXKfFVmHlI5nrZmbDqrA+Gbn9Fl67s7IWnur6js7LjpIcTnoptDdKF+uFKCtlzkdDw==
X-Received: by 10.28.139.131 with SMTP id n125mr3999946wmd.116.1484154897997; Wed, 11 Jan 2017 09:14:57 -0800 (PST)
Received: from [192.168.2.126] (host213-123-124-182.in-addr.btopenworld.com. [213.123.124.182]) by smtp.gmail.com with ESMTPSA id g73sm9964786wme.16.2017.01.11.09.14.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Jan 2017 09:14:55 -0800 (PST)
From: Stewart Bryant <stewart.bryant@gmail.com>
Subject: Some comments on draft-leiba-cotton-iana-5226bis-19
To: draft-leiba-cotton-iana-5226bis@ietf.org, IETF Discussion <ietf@ietf.org>
Message-ID: <f0680859-3918-31da-3abb-8f5b7cf0985c@gmail.com>
Date: Wed, 11 Jan 2017 17:14:53 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/2xXrFfCv5SDyufFD7jgyQKcvSsM>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jan 2017 17:20:11 -0000


    The Protocol field in the IP header [RFC0791] and MIME media types
    [RFC6838] are two examples of such coordinations.

SB> nit I suspect that coordination should be singular.

===========


1.2.  For Updated Information

    IANA Services maintains a web page that includes additional
    clarification information, beyond what is provided here, such as
    minor updates and summary guidance.  Document authors should check
    that page.  Any significant updates to the best current practice will
    have to feed into updates to BCP 26 (this document), which is
    definitive.

       <https://iana.org/help/protocol-registration>.

SB> The URL seems stranded.
SB> Surely the para should be slit and it placed up there.

=============

    If you are registering into an existing registry...

SB> I am surprised that there is no guidance to copy the layout in
SB> the existing registry. So authors don't do that and it is much
SB> harder to check that it is correct.

==============

       Providing a URL to precisely identify the registry helps IANA
       Services understand the request.  Such URLs can be removed from
       the RFC prior to final publication, or left in the document for
       reference.  If you include iana.org URLs, IANA Services will
       provide corrections, if necessary, during their review.


SB> This seems new. Certainly it is not common in documenting the lower
SB> layers of the stack. Has this led to any significant problems in the
SB> past?

================

2.4.  Revising Existing Registries



    Normally, numeric values to be used are chosen by IANA Services when
    the document is approved, and drafts should not specify final values.
    Instead, placeholders such as "TBD1" and "TBD2" should be used
    consistently throughout the document, giving each item to be
    registered a different placeholder.  The IANA Considerations should
    ask the RFC Editor to replace the placeholder names with the assigned
    values.  When drafts need to specify numeric values for testing or
    early implementations, they will either request early allocation (see
    Section 3.4) or use values that have already been set aside for
    testing or experimentation (if the registry in question allows that
    without explicit assignment).  It is important that drafts not choose
    their own values, lest IANA Services assign one of those values to
    another document in the meantime.  A draft can request a specific
    value in the IANA Considerations section, and IANA Services will
    accommodate such requests when that's possible, but the proposed
    number might have been assigned to some other use by the time the
    draft is approved.

SB> It would be useful to remind the new reader of early allocation
SB> so that they can gain pre-standards experience with the protocol

=================

    The IANA Considerations section should summarize all of the actions,
    with pointers to the relevant sections elsewhere in the document as
    appropriate.  Including section numbers is especially useful when the
    reference document is large; the section numbers will make it easier
    for those searching the reference document to find the relevant
    information.

SB> It can be hard enough to display some registries without this extra text
SB> 80 chars is not much space.
SB> Hopefully this will not escalate to become a requirement.

=============

    Note: In cases where authors feel that including the full table of
    changes is too verbose or repetitive, authors should still include
    the table in the draft, but may include a note asking that the table
    be removed prior to publication of the final RFC.


SB> Surely this risks loosing tractability? Maybe relegate it to an
SB> appendix? Many times I have found it useful to know exactly
SB> when an why a registry entry changed.

=================

3.3.  Overriding Registration Procedures

    Experience has shown that the documented IANA considerations for
    individual protocols do not always adequately cover the reality of
    registry operation, or are not sufficiently clear.  In addition,
    documented IANA considerations are sometimes found to be too
    stringent to allow even working group documents (for which there is
    strong consensus) to perform a registration in advance of actual RFC
    publication.

    In order to allow assignments in such cases, the IESG is granted
    authority to override registration procedures and approve assignments
    on a case-by-case basis.

    The intention here is not to overrule properly documented procedures,
    or to obviate the need for protocols to properly document their IANA
    considerations.  Rather, it is to permit assignments in specific
    cases where it is obvious that the assignment should just be made,
    but updating the process beforehand is too onerous.

SB> Perhaps this should also make clear that in the event of a dispute
SB> with a designated expert the IESG can overrule the expert.

==================

3.4.  Early Allocations

    IANA Services normally takes its actions when a document is approved
    for publication.  There are times, though, when early allocation of a
    value is important for the development of a technology: for example,
    when early implementations are created while the document is still
    under development.

    IANA Services has a mechanism for handling such early allocations in
    some cases.  See [RFC7120] for details.  It is usually not necessary
    to explicitly mark a registry as allowing early allocation, because
    the general rules will apply.


SB> RFC7120 has text saying that an early allocation dies of old age
SB> unless certain procedures are followed. In practice I have seen
SB> such code-point technically die, but remain in deployed use up
SB> until the draft later becomes ready for publication perhaps a couple
SB> of years later.
SB> It would be useful to clarify that at publication the in use
SB> but technically dead codepoint can be allocated to the RFC.


========================


    It should be noted that it often makes sense to partition a namespace
    into multiple categories, with assignments within each category
    handled differently.  Many protocols now partition namespaces into
    two or more parts, with one range reserved for Private or
    Experimental Use while other ranges are reserved for globally unique
    assignments assigned following some review process.  Dividing a
    namespace into ranges makes it possible to have different policies in
    place for different ranges and different use cases.

SB> What can also be useful is to reserve a bunch of numbers in case
SB> is "a run on the bank". Particularly if done is such a was
SB> as to permit range extension. RFC7274 is an example of where
SB> a range extension method was published.


=====================

4.1.  Private Use

    For private or local use only, with the type and purpose defined by
    the local site.  No attempt is made to prevent multiple sites from
    using the same value in different (and incompatible) ways.  IANA
    Services does not record assignments from registries or ranges with
    this policy (and therefore there is no need for IANA Services to
    review them) and assignments are not generally useful for broad
    interoperability.  It is the responsibility of the sites making use
    of the Private Use range to ensure that no conflicts occur (within
    the intended scope of use).

    Examples:

       Site-specific options in DHCP [RFC2939]
       Fibre Channel Port Type Registry [RFC4044]
       TLS ClientCertificateType Identifiers 224-255 [RFC5246]

SB> The 192.168.0.0 and 10/24 subnets are possibly better known
SB> examples to the new reader.

==============

    When code points are set aside for experimental use, it's important
    to make clear any expected restrictions on experimental scope.  For
    example, say whether it's acceptable to run experiments using those
    code points over the open Internet, or whether such experiments
    should be confined to more closed environments.  See [RFC6994] for an
    example of such considerations.

SB> This seems to be backing away from what I have always thought was
SB> best practice, i.e. don't deploy these codepoints outside the lab.
SB> Otherwise what happens is code-point-squatting on experimental
SB> values with all sorts of consequential problems.

=================

4.5.  Expert Review

SB> I did not see it covered here, but my recollection is that
SB> the documentation of ER codepoints does not need to be placed
SB> in the public domain, and that where this is a matter of
SB> conflict of interest, or commercial confidentially a suitably
SB> no-partizan expert may be appointed to the task.

=================


4.6.  Specification Required

    The intention behind "permanent and readily available" is that a
    document can reasonably be expected to be findable and retrievable
    long after assignment of the requested value.

SB> Do we need to comment on the cost of acquiring the specification?
SB> A text may be publicly available but at unaffordable cost. It may
SB> also be both copyright and out of print.

=================

4.12.  Using Multiple Policies in Combination

SB> An alternative to consider is to use a lower bar registration but reserve
SB> some values for the future.

=================


5.2.  The Role of the Designated Expert

    Designated experts are generally
    not expected to be "gatekeepers", setting out to make registrations
    difficult to obtain, unless the guidance in the defining document
    specifies that they should act as such.

SB> I wonder if "generally not expected to be" is strong enough?

    If a designated expert has a conflict of interest for a particular
    review (is, for example, an author or significant proponent of a
    specification related to the registration under review),

SB> The CoI is of course corporate, and it is generally best practise
SB> for an employee of the requesting organization not to act as
SB> ER for their employers codepoint requests.

==================


9.  Miscellaneous Issues

9.1.  When There Are No Actions

    Before an Internet-Draft can be published as an RFC, IANA Services
    needs to know what actions (if any) it needs to perform.  Experience
    has shown that it is not always immediately obvious whether a
    document has no actions, without reviewing the document in some
    detail.  In order to make it clear to IANA Services that it has no
    actions to perform (and that the author has consciously made such a
    determination), such documents should, after the authors confirm that
    this is the case, include an IANA Considerations section that states:

       This document has no actions.

    IANA Services prefers that these "empty" IANA Considerations sections
    be left in the document for the record: it makes it clear later on
    that the document explicitly said that no actions were needed (and
    that it wasn't just omitted).  This is a change from the prior
    practice of requesting that such sections be removed by the RFC
    Editor, and authors are asked to accommodate this change.

SB> I am wondering why this change of policy? It would have made
SB> sense in the past when drafts really were ephemeral, but now
SB> the full history of the drafts is available through datatracker
SB> we have a full audit trail.
SB> If anything we should be moving the other way from leaving
SB> the null section in to now taking it out.

=================


9.4.  Reclaiming Assigned Values
SB> A reference to RFC7274 might be a useful case study here.


12.  Security Considerations

This section considers protocol security.

As a process document do we need to consider the security and
auditability of the IANA process itself?

- Stewart