Re: Proposed IESG Statement on the use of the “Updates” header

Brian E Carpenter <> Tue, 11 September 2018 20:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E3219130DF1; Tue, 11 Sep 2018 13:56:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dMDfN3gLpds7; Tue, 11 Sep 2018 13:56:29 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::444]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 16678130DE4; Tue, 11 Sep 2018 13:56:29 -0700 (PDT)
Received: by with SMTP id h79-v6so12802499pfk.8; Tue, 11 Sep 2018 13:56:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=o5ODtWEAH5C3QWo6T+Y/q4dWEpJF19yQ133oUDoG0KA=; b=bFXbigb3DawBdoQSo/CWX0372uquokHuRe+oEK5n4nY7CihlQ2m7n8TsnJOTUbsuG+ VwIcsEZ+I6Bp8OhXyoHa91uK6DHvSk9SKAtWaSipSirqJviNjN9smmjVwP2fZ7bmfLlj DPUn/M/Wf+cWuf8fFHPbBZxED7EvEsFmKvZEPwmRMe98Jh7pOf63eVrIzcguAZVHQePK Y4RmEhULuC7eoKwh5Ms5xouW7IxfXsQvrszBitvAgbmyUH+DcJhtmsZJwlmsVcRu78/b +jlD4focJk4a3AJw7Bjjy/hEGcAksQNi3BSCYTZ4ugahIyJxtDOhBvPqNm75aNe2qHuM YqgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=o5ODtWEAH5C3QWo6T+Y/q4dWEpJF19yQ133oUDoG0KA=; b=JgqAwisB6in622SA0BRTzP1jUNyvWqCdt/qYNBvx0hZH7XpI5CUhH+vUg1/ngvzpCC 24Fnmfo853G7m2Svj2Af+1DeKoG1oaNAi1DgMMYb+p0/Yjb5yx9UgGLs1BcWQIMmkm9b VN8rz0hFbhbD817ZsQG7rXwGW3TJ+Euw2bJ+vhzue8bhpk8wdCs4YdHSflDhf2klrgPb TBJwNi+eL8XjE6YbymrPNdNdCdAIYKZj7WV/mDA/IBXEWj/kc7U0TSTvqmBIZV2EwFbS hF6xIBJrQcptj8qZRW9Pj6sNjlmh7uMPSxK+KxMjAU7hoF2zc5nVZ6EoowhC8tsHPbLe ynjQ==
X-Gm-Message-State: APzg51BSK5hbOZKk0RQQ94uWe4fjLz2kgFzpVllX37Z3bobmf4d2XI32 yQ6k82NmktwG+Arm+jOUEHq9awMn
X-Google-Smtp-Source: ANB0VdZR6X9q+rC6F9KRray7ZJy2vnXxuclH6QbRZhuln9SGRUCpupFBB0PRw7Id10nvceSBTwkARg==
X-Received: by 2002:a63:5964:: with SMTP id j36-v6mr30037875pgm.222.1536699388575; Tue, 11 Sep 2018 13:56:28 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id x9-v6sm35568166pfd.31.2018. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Sep 2018 13:56:27 -0700 (PDT)
Subject: =?UTF-8?Q?Re:_Proposed_IESG_Statement_on_the_use_of_the_=e2=80=9cUp?= =?UTF-8?B?ZGF0ZXPigJ0gaGVhZGVy?=
To: Robert Sparks <>, Ben Campbell <>,
Cc: The IESG <>
References: <> <>
From: Brian E Carpenter <>
Message-ID: <>
Date: Wed, 12 Sep 2018 08:56:23 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Sep 2018 20:56:31 -0000

On 2018-09-12 06:08, Robert Sparks wrote:
> I can live with this statement, but I don't like it.
> I'm in the camp that prefers the more specific "This changes the code 
> you need to write" camp - I would prefer Update be restricted to the 
> cases where you are changing the protocol defined in the updated 
> document in an essential way. 

The IAB already opined indirectly on this topic. says:

>>>    Extension designers should examine their design for the following
>>>    issues:
>>>    1.  Modifications or extensions to the underlying protocol.  An
>>>        extension document should be considered to update the underlying
>>>        protocol specification if an implementation of the underlying
>>>        protocol would need to be updated to accommodate the extension.
>>>        This should not be necessary if the underlying protocol was
>>>        designed with a modular interface.

(followed by more detailed discussion).

I'm not sure the IESG text is 100% compatible with this.

> nor do they, by themselves, imply that implementers must implement the updating RFC to continue to comply with the updated one.

seems to be going to far. It may be the intent of the update that
implementations *need* to be updated, because the update fixes a bug.
In that case, "updates" really means "partially obsoletes". 

Another point: the statement is scoped to the IETF stream. But it would
be much better if all RFC streams use the same semantics. I'd like to
hear from the RFC Series Editor on this.


> The use of extension points doesn't cross 
> that bar. So, count me as against everything in the second paragraph 
> beyond the first sentence.
> That said, I again note that I can live with what's proposed.
> RjS
> p.s. I assume you've rehashed previous IESGs discussions of adding a 
> "See Also" relationship?
> On 9/11/18 10:55 AM, Ben Campbell wrote:
>> Hi Everyone,
>> There have been several discussions lately about the use and meaning of the “Updates” header in RFCs, and the resulting “Updates”/“Updated by” relationships. The IESG is thinking about making the following statement, and solicits feedback.
>> Thanks!
>> Ben.
>> --------------------------------------------
>> There has been considerable confusion among the IETF community about the formal meaning of the “Updates” / "Updated by" relationship in IETF stream RFCs. The “Updates” header has been historically used for number of reasons of various strength. For example, the “Updates” header may be used to indicate critical normative updates (i.e. bug fixes), optional extensions, and even “additional information”.
>> The IESG intends these headers to be used to inform readers of an updated RFC that they need to be aware of the RFC that updates it. The headers have no formal meaning beyond that. In particular, the headers do not, by themselves, imply a normative change to the updated RFC, nor do they, by themselves, imply that implementers must implement the updating RFC to continue to comply with the updated one.
>> The specific reasons that a given RFC updates another should be described in the abstract and body of the new RFC. The level of detail may differ between the abstract and the body; typically an abstract should contain enough detail to help readers decide if they need to read the rest of the RFC. The body should contain enough detail for readers to fully understand the nature of the update.
>> The importance of including an “Updates” header depends on the nature of the update. Normative updates that do not use a known extension point should always include an “Updates” header. Extensions that do use known extension points do not typically need to include the “Updates” header, but may in cases where it’s important to make the extension known to readers of the original RFC. Other uses of “Updates” may be appropriate when it’s important for readers to know about them; for example a new RFC may expand security or operational considerations in a way that is not normative, but still important.
>> RFCs that fully replace other RFCs should typically use the “Obsoletes” header rather than the “Updates” header. The “Updates” header should be used to flag updates to published RFCs; it is not appropriate to “Update” an Internet-Draft.