IETF Logo Mail Archive

Re: Evolving Documents (nee "Living Documents") side meeting at IETF105.)

john heasley <heas@shrubbery.net> Thu, 18 July 2019 21:00 UTC

Return-Path: <heas@shrubbery.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CDAC120124 for <ietf@ietfa.amsl.com>; Thu, 18 Jul 2019 14:00:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XwW_2wpboDmK for <ietf@ietfa.amsl.com>; Thu, 18 Jul 2019 14:00:06 -0700 (PDT)
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE42A1200EF for <ietf@ietf.org>; Thu, 18 Jul 2019 14:00:06 -0700 (PDT)
Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 9C10E217C2; Thu, 18 Jul 2019 21:00:06 +0000 (UTC)
Date: Thu, 18 Jul 2019 21:00:06 +0000
From: john heasley <heas@shrubbery.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: IETF discussion list <ietf@ietf.org>
Subject: Re: Evolving Documents (nee "Living Documents") side meeting at IETF105.)
Message-ID: <20190718210006.GE68884@shrubbery.net>
References: <6317584D-4C9B-46E9-8197-D2A488701868@fugue.com> <20190704140552.GE49950@hanna.meerval.net> <b0943792-1afc-0c94-51b7-f2d393ef39c5@network-heretics.com> <20190705205723.GI55957@shrubbery.net> <20190706185415.GB14026@mit.edu> <CABcZeBPgNr5UqQ0pLwwNu5wh0g9L9wCd6YyYKCUDO37SPru-_Q@mail.gmail.com> <20190708202612.GG60909@shrubbery.net> <9ae14ad1-f8d5-befb-64e4-fff063c88e02@network-heretics.com> <20190717004659.GC67328@shrubbery.net> <cf321f62-1359-26c6-39d5-595fa88c0103@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <cf321f62-1359-26c6-39d5-595fa88c0103@cs.tcd.ie>
X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc
X-note: live free, or die!
X-homer: i just want to have a beer while i am caring.
X-Claimation: an engineer needs a manager like a fish needs a bicycle
X-reality: only YOU can put an end to the embarrassment that is Tom Cruise
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/nsMsiVZxNWdR22dTykv1X99_BZc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 21:00:08 -0000

Wed, Jul 17, 2019 at 11:40:42AM +0100, Stephen Farrell:
> 
> Hiya,
> 
> On 17/07/2019 01:46, john heasley wrote:
> > Thus that BGP over TLS RFC does not need to be updated as TLS evolves or
> > TLS RFCs come/go, nor does it need to make recommendations about TLS
> > itself - something that the authors may not be qualified to comment about.
> 
> That is already true. Simply refer to BCP195 instead of
> RFC7525 and you get that bit.

BCP numbers are static?  An RFC that supersedes 7525 and becomes BCP
will also be 195?  I see no indication of this in 2026: thus I assume
it will receive a new number.  What have I missed?

> I understand the desire for more quickly moving things
> but IMO changing too quickly also has downsides so I'm
> ok with RFC7525 being the latest instance of BCP195 and
> for that RFC needing to be updated or the BCP having
> another RFC added to it for TLS1.3 (hopefully in the not
> too distant).

I am not; recommendations, esp. for security topics, need to move near the
speed of blackops, not at RFC speed - or worse, BCP speed, which I perceive
to be even slower and carry more weight.  I feel the same for other
technologies, security just has more inherent urgency.

The RFC itself says
" Community knowledge about the strength of various algorithms and
   feasible attacks can change quickly, and experience shows that a Best
   Current Practice (BCP) document about security is a point-in-time
   statement.  Readers are advised to seek out any errata or updates
   that apply to this document."

> I'd be against github-hosted evolving, living or dying
> documents. Github is ok for drafts as we do now, but even
> today leads to too much off-list discussion and decision
> making in my experience.

An SCM that is publicly available, of which I do not expect debate.  Which
and where, I expect will be debated ad nauseam.

> That said, I do like the idea of a WG nominating a draft
> (or set of drafts with additional commentary) as the
> current interop draft, but I think I'd be against such an
> artefact being a long-lived thing to which e.g. RFCs may
> normatively refer.

Think of it as a library or compatibility library.

v2.23.0 | Report a Bug | By Email