Re: [saag] keys under doormats: is our doormat ok?

Stephen Farrell <> Sat, 25 July 2015 13:20 UTC

Date: Sat, 25 Jul 2015 14:20:22 +0100
From: Stephen Farrell <>
To: Carsten Bormann <>, Yoav Nir <>
Cc: Simon Josefsson <>, Paul Hoffman <>, "" <>
Subject: Re: [saag] keys under doormats: is our doormat ok?
List-Id: Security Area Advisory Group <>


On 12/07/15 19:10, Carsten Bormann wrote:
> Just as we elevated RFC 20 to STD, we could still elevate it to BCP -- a
> status that, IIRC, was just becoming available at the time RFC 1984 was
> published.

During the saag session in Prague we asked about this (more when I get
a chance to merge the good meeting notes we got). My conclusion from
that was that there seems to be a reasonable consensus among those who
were there and claimed to understand the issues to do as Carsten
suggests and there was almost no support for revising the text and
issuing a substantive update.

That means we try to upgrade RFC 1984 to BCP status in-place without
changes to the text or the RFC number.

I'm checking with the IESG and IAB to see if this plan causes them
angst and will report back in a week(ish) and take it from there. (So
get ready for, but please don't yet start, the potentially "fun"
process debate about the "C" in BCP - we'll undoubtedly do that in
an IETF last call;-)