Re: Gen-ART LC/Telechat Review of draft-ietf-isis-genapp-03.txt
Ben Campbell <ben@nostrum.com> Wed, 06 October 2010 15:54 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B23CF3A6F99; Wed, 6 Oct 2010 08:54:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.333
X-Spam-Level:
X-Spam-Status: No, score=-102.333 tagged_above=-999 required=5 tests=[AWL=-0.334, BAYES_00=-2.599, J_CHICKENPOX_12=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ajj5RTa09kA0; Wed, 6 Oct 2010 08:54:16 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id A82033A7130; Wed, 6 Oct 2010 08:54:14 -0700 (PDT)
Received: from dn3-174.estacado.net (vicuna-alt.estacado.net [75.53.54.121]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id o96FtCwm099055 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 6 Oct 2010 10:55:12 -0500 (CDT) (envelope-from ben@nostrum.com)
Subject: Re: Gen-ART LC/Telechat Review of draft-ietf-isis-genapp-03.txt
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <AE36820147909644AD2A7CA014B1FB520C2F3904@xmb-sjc-222.amer.cisco.com>
Date: Wed, 06 Oct 2010 10:55:12 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <2F37C712-C4A4-4B01-B995-D2CE0F0961B7@nostrum.com>
References: <33716978-4BFA-42BD-B9A1-07F8AD1AAB32@nostrum.com> <AE36820147909644AD2A7CA014B1FB520C2F388E@xmb-sjc-222.amer.cisco.com> <880898FA-B137-4E6C-9390-1919FB8A6DB6@nostrum.com> <AE36820147909644AD2A7CA014B1FB520C2F3904@xmb-sjc-222.amer.cisco.com>
To: Les Ginsberg <ginsberg@cisco.com>
X-Mailer: Apple Mail (2.1081)
X-Mailman-Approved-At: Wed, 06 Oct 2010 12:58:40 -0700
Cc: draft-ietf-isis-genapp.all@tools.ietf.org, General Area Review Team <gen-art@ietf.org>, The IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2010 15:54:17 -0000
On Oct 6, 2010, at 10:14 AM, Les Ginsberg (ginsberg) wrote: [...] >>> >>> From RFC 5226: >>> >>> "Specification Required - Values and their meanings must be >>> documented in a permanent and readily available public >>> specification, in sufficient detail so that >> interoperability >>> between independent implementations is possible. When >> used, >>> Specification Required also implies use of a Designated >>> Expert, who will review the public specification..." >>> >>> We deliberately chose "Specification Required" because: >>> >>> a)It requires a public specification >>> b)It allows the public specification to be other than an RFC >>> c)It requires expert review >> >> Completing the sentence in your quote: "who will review the public >> specification and evaluate whether it is sufficiently clear to allow >> interoperable implementations." >> >> My understanding of "Specification Required" is that the expert review >> is merely to ensure that the documentation is sufficiently complete > and >> readable to implement in an interoperable way. That review is not >> intended to ensure compliance to other criteria specified in the > draft. >> >> However, the draft includes some specific criteria for GENINFO >> applications. If you want the reviewer to enforce those criteria, then >> I think you need at least "Expert Review". OTOH, in RFC5226, the >> "expert review" policy has less to say about the required level of >> documentation, so the draft might require some more meat in that area. >> > > This is a bit distressing - because you are suggesting that RFC 5226 > doesn't define a category which is appropriate for our usage - which > means we have to try to define a unique policy. I am not quite sure how > to do that with sufficient authority and minimal controversy. > > My understanding is that RFC 5226 is specific to IANA considerations - > so we have attempted to define a clear policy as to how the review of > code point assignments is done. > > Beyond that, it seems clear that a given Application specification could > specify behavior that might be seen as undesirable e.g. it could specify > some extremely high rate of updates. Given that we allow application > specification to be defined in public documents from a variety of > sources, I don't see how we could define an enforceable review policy > for the application specifications. It is at the IANA codepoint > allocation that we have control - and certainly it seems within the > purview of an expert to say "I think your specification is flawed and I > won't approve the allocation of codepoints until the issues of concern > are addressed". > Yes, both "specification required" and "expert review" involve expert review. But they have significant differences in the scope of the review. "Specification required" means that the expert should review to make sure the specification is clear enough to be implemented in an interoperable fashion. It doesn't in any way indicate that the expert thinks the code point is "good", or that it conforms to the purpose of the registry. Certainly, the expert could offer advise on issues, but the registrant would not be under any obligation to follow the advise. "Expert Review" means that the expert should review a registration to make sure that it conforms to the criteria set forth in the document that defined the registry. I really think that is what you are looking for, particularly from your last sentence above about the expert being able to block allocation of a flawed code point. For example, RFC 3563 calls out "Expert Review", and sets a number of criteria, one of which is the assertion that registrations require standards actions, or that they require publications from ISO/IEC JTC1/SC6 that meant the normal requirements for an RFC. In your case, I think you need Expert Review, with criteria along the lines that registrants must meet the requirements of "specification required", that it must describe its expected rate of updates (and that this not be excessive), that it must address any security considerations, etc. > >> I note that while RFC3563, which established the IS-IS TLV Codepoint >> registry, says "Expert Review", the review criteria is pretty much >> equivalent to "standards action". I'm guessing the only reason it was >> not "standards action" was to allow ISO/IEC JTC1/SC6 to submit >> specifications, which are to be held to the same standard as a >> standards-track RFC, but do not actually get published as such. So for >> practical purposes, the proposed policy for GENINFO is significantly >> weaker than for the parent registry--more so than one might think from >> just looking at the registry itself. > > I am not clear on why "Expert Review" is seen as a stronger review > criteria than "Specification Required" - which includes expert review as > well as a requirement for a public specification. Actually, "expert review" doesn't have to be stronger than specification required. But it can be. It's all a matter of how you define the review criteria. The difference is, in "expert review" you get to define the criteria. In "specification required", the criteria is already defined, and fairly limited. RFC3563 has has quite strict criteria, thus my comment about it being "stronger". For all practical purposes, the policy for RFC 3563 is "standards action" with some very specific exceptions. [...] >>> >>> If the revised version of a GENINFO TLV is sent in an LSP with a >>> different number from the previous version there can be transient >>> windows where other systems have two copies of information regarding >> the >>> same application. This may be unavoidable. For completeness we >> specify >>> that the choice of what to do in such transient situations is >>> implementation specific (undefined). This section does specify ways >> to >>> minimize the occurrence/duration of such transient periods. >> >> Does leaving this undefined cause interop issues? If not, then no >> problem. > > There is no alternative. It is not possible to determine in a reliable > way which copy is "newer". Okay [...] >> >> Since the registration policy is not at least "RFC Required", there's >> no explicit requirement that the public document actually do this. If >> you wish to require them to do it, you will need to state something to >> that effect. (See previous comment about whether the registration >> policy actually enforces that sort of criteria.) > > I appreciate your point - but I don't see how we have the authority to > place a requirement on a document developed in another standards body. > You can set criteria for the codepoint allocation, though. Requiring the specification of a code point to address security seems to be a reasonable criteria.
- Gen-ART LC/Telechat Review of draft-ietf-isis-gen… Ben Campbell
- RE: Gen-ART LC/Telechat Review of draft-ietf-isis… Les Ginsberg (ginsberg)
- Re: Gen-ART LC/Telechat Review of draft-ietf-isis… Ben Campbell
- RE: Gen-ART LC/Telechat Review of draft-ietf-isis… Les Ginsberg (ginsberg)
- Re: Gen-ART LC/Telechat Review of draft-ietf-isis… Ben Campbell
- RE: Gen-ART LC/Telechat Review of draft-ietf-isis… Les Ginsberg (ginsberg)
- Re: Gen-ART LC/Telechat Review of draft-ietf-isis… Ben Campbell