Re: [secdir] Secdir review of draft-housley-ltans-oids-00

Jeffrey Hutzelman <> Mon, 15 July 2013 18:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 000FE1F0D3E; Mon, 15 Jul 2013 11:33:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UmMpFV+vSQw5; Mon, 15 Jul 2013 11:33:52 -0700 (PDT)
Received: from (SMTP02.SRV.CS.CMU.EDU []) by (Postfix) with ESMTP id 46AE721E8115; Mon, 15 Jul 2013 11:33:36 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.13.6/8.13.6) with ESMTP id r6FIXW45020921 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Mon, 15 Jul 2013 14:33:32 -0400 (EDT)
Message-ID: <>
From: Jeffrey Hutzelman <>
To: Tero Kivinen <>
Date: Mon, 15 Jul 2013 14:33:32 -0400
In-Reply-To: <>
References: <>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.2.3-0ubuntu6
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Scanned-By: mimedefang-cmuscs on
Subject: Re: [secdir] Secdir review of draft-housley-ltans-oids-00
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 15 Jul 2013 18:33:59 -0000

On Sat, 2013-07-13 at 00:40 +0300, Tero Kivinen wrote:

> One odd thing is that all registries are marked as "Expert Review or
> IESG Approval", but which one of those is used? Is this supposed to
> mean that if IESG appoints a designed expert for these, then he does
> checks the updates, but if not, then IESG approval is needed? Or is it
> mean to say that even when there is designated expert, the IESG and
> ignore him and do the approval themselves (in which case I Would ask
> what is the point of having the designated expert)?

It means that either the "Expert Review" or "IESG Approval" methods can
be used.  Over the years, we've seen a number of cases where it turns
out to be desirable to assign a number under circumstances not foreseen
by the authors of the document that originally set up a registry, and
under which none of the policies attached to that registry can be
applied.  As defined in RFC5226, the "IESG Approval" policy is intended
to be an escape valve that allows the IESG to handle these exceptions,
rather than failing an allocation due to a policy bug when it clearly
should have been accepted.  Of course, in such a case one can always
publish an IETF consensus document to change the policy, but often that
introduces an unacceptable level of delay.

As Russ notes, when the defined policy is "Expert Review", the IESG can
likely handle exceptions by designating an expert, so perhaps the escape
valve is not necessary.  However, I don't think it's harmful.

However, I do note that this document uses the "Expert Review" policy
several times, but fails to specify the required level of documentation
or the review criteria to be used by the Designated Expert.  Without
this information, I don't think it's possible to make any meaningful
comment on the IANA registration policies.

-- Jeff